Solved

Application/Executable Failes to Start on a 2003 Member server

Posted on 2009-03-31
3
269 Views
Last Modified: 2012-05-06
Have an application set to start using a Domain account set in the policy to "allow Logon On as a service" . It runs with an account that is a member of "Domain Admins". When I change this to a differnt account whos membership is "server operator" and has full permissions (file permissions) to the executable and all the file system on which the service runs. It always failes until I make it a member of Domain Admins. I do not wish it to be a member of Domain Admins for security reasons. Any ideas .....

Event Log errors are :-
Source :Userenv  EventID:1517

Windows saved user DEV\suping registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Source:1524     EventID:Userenv

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  


Source : VsJITDebugger      EventID: 4096

An unhandled exception ('System.UnauthorizedAccessException') occurred in ImageHandlerService.exe [4000]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

0
Comment
Question by:ccfcfc
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Darylx earned 500 total points
ID: 24027011
Have you tried adding the domain user account to the LOCAL admininsrators group on the member server?
0
 

Author Comment

by:ccfcfc
ID: 24027117
Yes I have done that and it resolves the issue. Just a tad worried about the knock on effect for security . Was hopign there might be another way to get round this

0
 
LVL 10

Expert Comment

by:Darylx
ID: 24027174
Being a member of the local admins group on the server is a lot more secure than being a member of the domain admins group.  You could even create a local user so you're not even using a domain account.  Obviously use a secure password.  I have similar apps (that need to run as a user with admin rights).  The 'risk' is small enough for me to be prepared to take.

There's obviously something somewhere (possibly a registry key) that server operators etc don't have access to.  You could search the registry for keys used by the apps and give the user account permissions on those if you don't want to use an admin account.
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
exchange, windows server 6 57
Server 2008 SBS is losing disk space 4 88
Moving Files servers to DFS 11 43
Copy an entire Active Directory Domain to a dev environment 4 104
by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
This Micro Tutorial will teach you how to censor certain areas of your screen. The example in this video will show a little boy's face being blurred. This will be demonstrated using Adobe Premiere Pro CS6.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now