Solved

Win 2k3 run as service

Posted on 2007-03-21
14
286 Views
Last Modified: 2010-04-20
I have a program that will replicate files between Wink 2k3 servers.  I have a Sever A and Server B. There is a service that needs to run in order for it to work.  I created a service account that will perform this job locally ( viceversa ).  With this local user account it does not work.

I have tested it out with my Domain Account that has admin rights and it works fine.  Files get copied from Server A to Server B.

1.Since Server A and Server B are part of a domain can I use a local account or will I need to create a domain account?
2. How will I get this none admin account to run the service and push files from Server A to Server B?
0
Comment
Question by:learn2earn
  • 9
  • 5
14 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18764317
When creating a service for servers to share tasks with, I personally, would recommend using a domain account for this process. My reason behind this is both servers, can use the same account for processing the tasks assigned to the services. It also helps with keeping things a little easier to manage.
If you were ever to have to trouble shoot an issue, you can resort back to a single account, instead of having to use an account for machine_name1\username and a seperate one for machine_name2\username. You could have problems with RPC which could cause issues with these services.
You don't necessarily have to create an account in the domain specific to this service.
I would just use a user with some or all domain administrative privledges.
Like a backup account or power user, etc.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18764362
Well we have an outside vendor that we will share this account password with.
So I want to create an account that will Serve for both purposes.

I can create a domain account but I do not what it to have admin rights.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764390
Ah, yeah.
Under those circumstances, I would definately use a domain account with restrictions.
I wouldn't use a local account to the servers. Potential exploit and a little harder to monitor.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18764723
For some reason the Domain Admin group is the only group that will allow this service to work.
I do not know why.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764773
Make sure the user is part of the services group.
Try this document on creating service accounts.
http://technet2.microsoft.com/WindowsServer/en/library/beafe0a4-3e55-4667-b03f-b3a325e1dc801033.mspx?mfr=true
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764783
I know it says it's for IIS but I believe the concept is the same, you just need to associate it with the service that you have created.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18765301
I don't understand why you wouldn't be able to setup the service to use a logon as.
So, if you right click on your service at the server and go to the Logon Tab, you should be able
to setup the service to logon as the domain\user (enter the password, verify the password) and click apply.  You should receive a confirmation dialog stating this user has access to this service.
You may need to add this user to the Power user group. But typically this isn't necessary.
Not with my experience while performing this procedure.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 2

Author Comment

by:learn2earn
ID: 18765476
Maybe we got lost some where.  
1. But I go into services on my Server A.
2. I go to the V Vengine service and then select the properties. This brings up several tabs.
3. I go to Log On and then I have two options Log on as ( Local System Account, or This Account).
4. I choose this account and then I put in the credentials that I created for this account ( viceversa ) which I do not want to have admin rights.
5. I start the service.  Now when I make a change to a folder on Server A it is suppose Mirror Server B. The name of the program is ( ViceVersa )  www.tgrmn.com.

But remember so far it only works when ( viceversa ) useraccount is apart of the ( domain admin group ).  I do not want it to work like that because we will be sharing this account with an outside vendor.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18765536
Does the user for the folder it's making changes to have access & privledges to make changes to the folder your looking to change? I think the user under this service requires access to the folders that you're attempting to make changes with. Permissions and Security from Server A & Server B should have the folder shared with access for the user within the Services in use.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18766005
I have added the user ( viceversa ) to both folders with full rights.
Still when I try to make a change on Server A it does not Mirror Sever B.
0
 
LVL 3

Accepted Solution

by:
fpthree earned 250 total points
ID: 18766265
This program you're using is called ViseVersa?
If so, I noticed many issues with user accounts associated with the vvEngine.
Have you checked with http://www.tgrmn.com on support for this product.
It sounds like it may be the service engine or possibly the program used to replicate from one machine to another.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18773076
Hey Learn, I'm curious to know what it was that you found on their site which resolved the issue for you?
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18773863
Actually I just went with a Domain Account and gave it the correct rights.
I will not share this info with the outside vendor. They will have a separte account.
If they stop and start the service it will not ask them for a password.

But thanks any way!!
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18780378
Ah, that works. GJ
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Lockdown of laptops 10 39
antivirus on mac 8 65
PCAnywhere 2 58
Ping request could not find host google.com?how to solve this? 10 30
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now