Solved

Win 2k3 run as service

Posted on 2007-03-21
14
287 Views
Last Modified: 2010-04-20
I have a program that will replicate files between Wink 2k3 servers.  I have a Sever A and Server B. There is a service that needs to run in order for it to work.  I created a service account that will perform this job locally ( viceversa ).  With this local user account it does not work.

I have tested it out with my Domain Account that has admin rights and it works fine.  Files get copied from Server A to Server B.

1.Since Server A and Server B are part of a domain can I use a local account or will I need to create a domain account?
2. How will I get this none admin account to run the service and push files from Server A to Server B?
0
Comment
Question by:learn2earn
  • 9
  • 5
14 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18764317
When creating a service for servers to share tasks with, I personally, would recommend using a domain account for this process. My reason behind this is both servers, can use the same account for processing the tasks assigned to the services. It also helps with keeping things a little easier to manage.
If you were ever to have to trouble shoot an issue, you can resort back to a single account, instead of having to use an account for machine_name1\username and a seperate one for machine_name2\username. You could have problems with RPC which could cause issues with these services.
You don't necessarily have to create an account in the domain specific to this service.
I would just use a user with some or all domain administrative privledges.
Like a backup account or power user, etc.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18764362
Well we have an outside vendor that we will share this account password with.
So I want to create an account that will Serve for both purposes.

I can create a domain account but I do not what it to have admin rights.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764390
Ah, yeah.
Under those circumstances, I would definately use a domain account with restrictions.
I wouldn't use a local account to the servers. Potential exploit and a little harder to monitor.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18764723
For some reason the Domain Admin group is the only group that will allow this service to work.
I do not know why.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764773
Make sure the user is part of the services group.
Try this document on creating service accounts.
http://technet2.microsoft.com/WindowsServer/en/library/beafe0a4-3e55-4667-b03f-b3a325e1dc801033.mspx?mfr=true
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764783
I know it says it's for IIS but I believe the concept is the same, you just need to associate it with the service that you have created.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18765301
I don't understand why you wouldn't be able to setup the service to use a logon as.
So, if you right click on your service at the server and go to the Logon Tab, you should be able
to setup the service to logon as the domain\user (enter the password, verify the password) and click apply.  You should receive a confirmation dialog stating this user has access to this service.
You may need to add this user to the Power user group. But typically this isn't necessary.
Not with my experience while performing this procedure.
0
Why are Office 365 signatures so complicated?

Trying to setup transport rules for Office 365 email signatures and can’t quite figure it out? Having to test the signature over and over? Make things simple by using Exclaimer Cloud - Signatures for Office 365.

 
LVL 2

Author Comment

by:learn2earn
ID: 18765476
Maybe we got lost some where.  
1. But I go into services on my Server A.
2. I go to the V Vengine service and then select the properties. This brings up several tabs.
3. I go to Log On and then I have two options Log on as ( Local System Account, or This Account).
4. I choose this account and then I put in the credentials that I created for this account ( viceversa ) which I do not want to have admin rights.
5. I start the service.  Now when I make a change to a folder on Server A it is suppose Mirror Server B. The name of the program is ( ViceVersa )  www.tgrmn.com.

But remember so far it only works when ( viceversa ) useraccount is apart of the ( domain admin group ).  I do not want it to work like that because we will be sharing this account with an outside vendor.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18765536
Does the user for the folder it's making changes to have access & privledges to make changes to the folder your looking to change? I think the user under this service requires access to the folders that you're attempting to make changes with. Permissions and Security from Server A & Server B should have the folder shared with access for the user within the Services in use.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18766005
I have added the user ( viceversa ) to both folders with full rights.
Still when I try to make a change on Server A it does not Mirror Sever B.
0
 
LVL 3

Accepted Solution

by:
fpthree earned 250 total points
ID: 18766265
This program you're using is called ViseVersa?
If so, I noticed many issues with user accounts associated with the vvEngine.
Have you checked with http://www.tgrmn.com on support for this product.
It sounds like it may be the service engine or possibly the program used to replicate from one machine to another.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18773076
Hey Learn, I'm curious to know what it was that you found on their site which resolved the issue for you?
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18773863
Actually I just went with a Domain Account and gave it the correct rights.
I will not share this info with the outside vendor. They will have a separte account.
If they stop and start the service it will not ask them for a password.

But thanks any way!!
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18780378
Ah, that works. GJ
0

Featured Post

Integrate social media with email signatures

Is your company active on social media? Do you also use email signatures? Including social media icons in your email signature is a great way to get fans for free. Let all your email users know you’re on social media quickly and easily, in a single click.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now