Solved

Win 2k3 run as service

Posted on 2007-03-21
14
290 Views
Last Modified: 2010-04-20
I have a program that will replicate files between Wink 2k3 servers.  I have a Sever A and Server B. There is a service that needs to run in order for it to work.  I created a service account that will perform this job locally ( viceversa ).  With this local user account it does not work.

I have tested it out with my Domain Account that has admin rights and it works fine.  Files get copied from Server A to Server B.

1.Since Server A and Server B are part of a domain can I use a local account or will I need to create a domain account?
2. How will I get this none admin account to run the service and push files from Server A to Server B?
0
Comment
Question by:learn2earn
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
14 Comments
 
LVL 3

Expert Comment

by:fpthree
ID: 18764317
When creating a service for servers to share tasks with, I personally, would recommend using a domain account for this process. My reason behind this is both servers, can use the same account for processing the tasks assigned to the services. It also helps with keeping things a little easier to manage.
If you were ever to have to trouble shoot an issue, you can resort back to a single account, instead of having to use an account for machine_name1\username and a seperate one for machine_name2\username. You could have problems with RPC which could cause issues with these services.
You don't necessarily have to create an account in the domain specific to this service.
I would just use a user with some or all domain administrative privledges.
Like a backup account or power user, etc.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18764362
Well we have an outside vendor that we will share this account password with.
So I want to create an account that will Serve for both purposes.

I can create a domain account but I do not what it to have admin rights.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764390
Ah, yeah.
Under those circumstances, I would definately use a domain account with restrictions.
I wouldn't use a local account to the servers. Potential exploit and a little harder to monitor.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 2

Author Comment

by:learn2earn
ID: 18764723
For some reason the Domain Admin group is the only group that will allow this service to work.
I do not know why.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764773
Make sure the user is part of the services group.
Try this document on creating service accounts.
http://technet2.microsoft.com/WindowsServer/en/library/beafe0a4-3e55-4667-b03f-b3a325e1dc801033.mspx?mfr=true
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18764783
I know it says it's for IIS but I believe the concept is the same, you just need to associate it with the service that you have created.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18765301
I don't understand why you wouldn't be able to setup the service to use a logon as.
So, if you right click on your service at the server and go to the Logon Tab, you should be able
to setup the service to logon as the domain\user (enter the password, verify the password) and click apply.  You should receive a confirmation dialog stating this user has access to this service.
You may need to add this user to the Power user group. But typically this isn't necessary.
Not with my experience while performing this procedure.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18765476
Maybe we got lost some where.  
1. But I go into services on my Server A.
2. I go to the V Vengine service and then select the properties. This brings up several tabs.
3. I go to Log On and then I have two options Log on as ( Local System Account, or This Account).
4. I choose this account and then I put in the credentials that I created for this account ( viceversa ) which I do not want to have admin rights.
5. I start the service.  Now when I make a change to a folder on Server A it is suppose Mirror Server B. The name of the program is ( ViceVersa )  www.tgrmn.com.

But remember so far it only works when ( viceversa ) useraccount is apart of the ( domain admin group ).  I do not want it to work like that because we will be sharing this account with an outside vendor.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18765536
Does the user for the folder it's making changes to have access & privledges to make changes to the folder your looking to change? I think the user under this service requires access to the folders that you're attempting to make changes with. Permissions and Security from Server A & Server B should have the folder shared with access for the user within the Services in use.
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18766005
I have added the user ( viceversa ) to both folders with full rights.
Still when I try to make a change on Server A it does not Mirror Sever B.
0
 
LVL 3

Accepted Solution

by:
fpthree earned 250 total points
ID: 18766265
This program you're using is called ViseVersa?
If so, I noticed many issues with user accounts associated with the vvEngine.
Have you checked with http://www.tgrmn.com on support for this product.
It sounds like it may be the service engine or possibly the program used to replicate from one machine to another.
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18773076
Hey Learn, I'm curious to know what it was that you found on their site which resolved the issue for you?
0
 
LVL 2

Author Comment

by:learn2earn
ID: 18773863
Actually I just went with a Domain Account and gave it the correct rights.
I will not share this info with the outside vendor. They will have a separte account.
If they stop and start the service it will not ask them for a password.

But thanks any way!!
0
 
LVL 3

Expert Comment

by:fpthree
ID: 18780378
Ah, that works. GJ
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question