Program running as a service is unable to access mapped drives

I have a backup program that I want to run as a service (which is supported by the vendor), but when I install it as a service it cannot access any mapped drives (which again is supported by the vendor).  I get an access is denied when I double click on the mapped drive from the backup program.  The mapped drives can be accessed just fine from within my computer so it is the service that is creating the problem, plus the program can access the mapped drives when not running as a service.  I found a MS bulletin that covers this issue but only on Windows NT.  I am working with Windows 2000 Pro, Server and XP.;EN-US;122702

I am sure there is something similar that I need to do on the Windows 2000 pro clients to allow for the drive access.  I am starting the service usingthe local service account and it has to interact with the desktop.  I have tried starting the service using a different credential but it will not interact with the desktop.
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

paraghsDy General ManagerCommented:
Go to Control Panel -> Administrative Tools -> Services.

Locate the service that has been installed by your backup programme.
Check the name under "Log On As" column. If it is LocalSystem (most probably it will be), right click that service, click on Properties.

Under the tab "Log On", click on radio button "This Account", choose your Administrator account, give its password.

Restart your computer. Now your backup program should access your mapped drives.
murrycAuthor Commented:
I can do that, but the service will start and show that it is running, but it does in interact with the desktop so I am unable to open its interface.  If I try to run the program using its shortcut it tells me to open the program from the system tray because it sees that it is already running.  Is there anyway I can do what you suggest but also have it interact with the desktop?
paraghsDy General ManagerCommented:
Sorry murryc,

I am not aware how can you make a service interact with desktop.

I can only suggest a roundabout.
Whenever you need to interact with your programme, stop the service, kill its application from Task Manager, and run your programme. Now you can make changes to your programme options.

When your service restarts (either manually, or on next Windows start), your changes made to the programme will be valid.
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

murrycAuthor Commented:
good point, I would still like to leave this open to see if anyone else has an idea
David LeeCommented:
Hi, murryc.

It seems like you're in a "Catch-22" situation.  If you set the service to use a different set of credentials, then you can't check the "Allow service to interact with desktop" option.  On the other hand, if you stay with the system account and check the box to allow the service to interact with the desktop, then the service can't access the mapped drives.  Before I suggest a remedy, I've a question and a comment.  The question first: why does the program need access to mapped drives?  Is it because it's backing up other computers?  And now the comment.  It's unusual and not recommended for services to interact with the desktop.  Most services don't.  They may appear to but that's usually accomplished by a second program, not a service, that's visible on the desktop and communicates behind the scenes with the actual service.  If you go through the properties of the services installed on your system you're likely to find that the majority aren't set to interact with the desktop.

Okay, let's see if we can find away around the problems.  To interact with the desktop you're going to have to leave the service set to run under the System account.  That leaves the problem of accessing mapped drives.  The only solution I can see for that is to grant the System account on the machine with the backup software access rights to the mapped drives.  To do that you'll need to go to the machines the drive letters map to and grant the system account from the backup machine rights to the shares.  To do this you'll need to follow the same steps as you would to grant any account permissions in NTFS.  If you need specific instructions on how to do that, then let me know.
murrycAuthor Commented:
BlueDevilFan..please do give me further details on setting up those permissions.  Your right about the mapped drives.  The program is backing up data across those drives.
David LeeCommented:
Here are the steps for setting the permissions.  These are done on the remote machines, i.e. not the one running the backup program.  I'm also assuming, though you haven't said, that the computers in question are all members of a domain.

1.  Launch Windows Explorer.
2.  Right-click on the C: drive and select Properties.
3.  Click the Security tab.
4.  Look and see what accounts have permissions.  On most Windows machines I believe you'll find that the group Everyone has full access.  If that's the case, then click Cancel to close the dialog-box.  Otherwise, report back on what accounts have permissions.  Close the dialog-box.
5.  Right-click on the share, or the first share if there are multiple shares, that you are mapping too on this machine.  Select Properties.
6.  Click on the Security tab.  
7.  Look and see what accounts have permissions.  If the group Everyone has permissions, then I can't see why the system account the backup service is running under is having problems mapping a drive.  Everyone is quite litteraly any account that can get to the machine.  If Everyone does not have permissions, then move on to step 8.  Otherwise, stop here and report back what you've found.
8.  Open Control Panel->Administrative Tools->Computer Management->Local Users and Groups->Groups.
9.  Right-click on Backup Operators and select Properties.
10.  Click Add.
11.  Click the pulldown next to "Look in" and select the computer running the backup program.  This should bring up a list of all accounts on that computer.
12.  Scroll through the list of accounts until you find SYSTEM.  Select it, then click the Add button.
13.  Click OK.
14.  Go back to Windows Explorer.
15.  Right-click on the share, or the first share, that you map a drive to.  Select Properties.
16.  Click the Security tab.
17.  Click Add.
18.  Verify that the current computer is selected in the "Look in" pulldown.  If it's not, select it.
19.  Scroll through the list of accounts until you find Backup Operators.  Select it, then click Add.
20.  Click OK.
21.  Click the Modify checkbox under Permissions.
22.  Click OK.
23.  Repeat steps 15-22 for each share on the computer that the backup program maps a drive to.  If this was the only one, then move on to the next PC and repeat steps 8-22.

What these steps do is add the System account from the backup computer to the local Backup Operators group and then give that group the necessary permissions to access the share the backup program is mapping a drive to.  It's always better to assign permissions to groups than to individual accounts.  Later on if you want to remove permissions, then just remove the account from the Backup Operators group.

I hope this helps.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
murrycAuthor Commented:
I have one company that is a domain and another company that is not running a domain.  Will this solution work on the computers not configured as a domain?
murrycAuthor Commented:
I do not like the idea of giving everyone permission to view the contents of the shares.  if we are backing up files on that share then there is likley important content that needs to be controlled in regards to access.  is there a way to just give the system account access instead of everyone.  I tested your solution and it did work when I told it to allow for everyone.
David LeeCommented:
I agree that granting Everyone access is a potential problem and that's why I didn't say to grant permissions to the Everyone group.  What I said was that by default Everyone usually has permissions.  In other words, that's the way Windows is configured out of the box.  I really just wanted you to check and see what permissions are in place.  If Everyone already had permissions and the account the service was running under still couldn't access a mapped drive, then we'd have a completely different problem than if Everyone didn't have access.  If you put the System account of the machine with the backup software in the Backup Operators group on all the other comptuers and then grant Backup Operators access, that should solve the problem.  I don't think that'll work in the non-domain setting though because on those machines you aren't given the opportuinty to choose an account from another computer.  Instead, I believe you are limited to choosing an account from the local computer.  
murrycAuthor Commented:
well said....

Is there a way to create the system account on the non-domain computers so that it will work your is there just no way a non-domain configuration will happen.
David LeeCommented:
Let me see what I can come up with.  I'll post an answer within 24 hours.
David LeeCommented:
Good morning.

I searched but cannot find a solution for the non-domain computers.  According to my experience and everything I've read computers that are not in a domain can only grant rights to accounts on the individual computer.  Sorry, I don't see a way around this.  

As a matter of curiosity, what backup software are you using?
murrycAuthor Commented: am actually a provider.
murrycAuthor Commented:
figured out that you can access shared folders and drives just fine.  it was the administrator mapped drives that were not working.  i.e  \\computer\c$  the system account would never be able to access those drive shares because they are admin access only.  I did though have to implement the above registry solutions that I posted in first question that came from the software vendor and the solution works on both non-domain and domain computers.
David LeeCommented:
Cool!  Glad it works.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 2000

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.