?
Solved

Delphi Services and LocalSystem account

Posted on 2007-07-24
10
Medium Priority
?
2,993 Views
Last Modified: 2011-10-03
We have a service, running under the LOCALSYSTEM account and flagged to
interact with the desktop, that loads a DLL named SYScheduler. This DLL
has a couple of threads that, one, wait for specific times to run
specific jobs, and two, run the jobs, either by calling a function in
another DLL or running an external executable.

We have found that, any time it is trying to run the external
executables, the executable is erroring out, no AV or anything, just the
big dialog that asks if you want to send info to Microsoft, we are
running mostly on XP but will be having to support Vista soon.

Most of these executables are written in Delphi but some are
third-party
exes.

If we run the service under an administrator account, they work
just as planned.

We used to do this using MSSQL Server Agent; but since M$ removed Agent from
SQL2005, we had to create our own scheduler.

SQL Server Agent ran these same executables just fine running in the
LOCALSYSTEM account, why the difference?

Anyone come across this before? What is the cause?
Any idea how to diagnose the reasons behind this and work out what is
going wrong?
0
Comment
Question by:EddieShipman
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 21

Accepted Solution

by:
ziolko earned 500 total points
ID: 19562970
all processes created by give process are running in same user context as calling process, in other words if your service is running as local system all execs it will spawn will also run as local system.
local system account has many limitations so your behaviour may depend on what those apps do, this is not really solution for you but maybe it will ring some bells

ziolko.
0
 
LVL 21

Assisted Solution

by:developmentguru
developmentguru earned 500 total points
ID: 19565141
Run the service with a higher level access account.  Your service may need to run as an administrator or super user.
0
 
LVL 17

Assisted Solution

by:TheRealLoki
TheRealLoki earned 500 total points
ID: 19569950
You could try "ImpersonateUser" to run the process as another authorised user
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 3

Assisted Solution

by:RemkoEB
RemkoEB earned 500 total points
ID: 19687558
The applications you ran might not have access to the Desktop.
Use this to run your process in the console session:
uses
  Windows, SvcMgr,
  JwaWtsApi32;

...

var hToken: THandle;
  si: _STARTUPINFOA;
  pi: _PROCESS_INFORMATION;
begin
  ZeroMemory(@si, SizeOf(si));
  si.cb := SizeOf(si);
  si.lpDesktop := nil;
 
  if WTSQueryUserToken(WtsGetActiveConsoleSessionID, hToken) then
  begin
    if CreateProcessAsUser(hToken, nil, 'cmd.exe', nil, nil, False,
      CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP, nil,
      nil, si, pi) then
    begin
      // Do some stuff
    end;
  end;
  Self.DoStop;
end;

JwaWtsApi can be found in the Jedi ApiLib project (http://jedi-apilib.sourceforge.net/)
0
 
LVL 26

Author Comment

by:EddieShipman
ID: 19688075
Hmm, will take a look at it.
0
 
LVL 3

Expert Comment

by:RemkoEB
ID: 19689673
You need to test if from a service because only SYSTEM account has permissions to execute WTSQueryUserToken. WTSQueryUserToken obtains a full access user token so you can in fact just execute something in a specific terminal session. In this case the console (glass screen) session which is the interactive logged-on user.
0
 
LVL 26

Author Comment

by:EddieShipman
ID: 19691665
I am not using a console. I am running external applications.
0
 
LVL 3

Expert Comment

by:RemkoEB
ID: 19691746
I understand.
What I meant was that starting from Windows XP you can use a Remote Desktop session to remotely connect to your system. If you logon locally this is refered to as the Console Session.
Just try the sample code, run it your service application and run your service under the SYSTEM account. This will work!
0
 
LVL 3

Expert Comment

by:RemkoEB
ID: 20071415
Did you test?
0
 
LVL 26

Author Comment

by:EddieShipman
ID: 20073750
We've decided to goa different route and use a 3rd-party solution.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
Hello everybody This Article will show you how to validate number with TEdit control, What's the TEdit control? TEdit is a standard Windows edit control on a form, it allows to user to write, read and copy/paste single line of text. Usua…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses
Course of the Month14 days, 23 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question