Application/Executable Fails to Start on a 2003 Member Server

Have an application set to start using a Domain account set in the policy to "allow Logon On as a service". It runs with an account that is a member of "Domain Admins". When I change this to a different account whose membership is "server operator" and has full permissions (file permissions) to the executable and all the file system on which the service runs, it always fails until I make it a member of Domain Admins. I do not wish it to be a member of Domain Admins for security reasons. Any ideas?

Event Log errors are:
Source: Userenv  EventID: 1517

Windows saved user DEV\suping registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Source:1524     EventID:Userenv

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  


Source : VsJITDebugger      EventID: 4096

An unhandled exception ('System.UnauthorizedAccessException') occurred in ImageHandlerService.exe [4000]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

ccfcfc Asked:
 
Darylx Commented:
Have you tried adding the domain user account to the LOCAL administrators group on the member server?

ccfcfc (Author) Commented:
Yes I have done that and it resolves the issue. Just a tad worried about the knock-on effect for security. Was hoping there might be another way to get round this.

Darylx Commented:
Being a member of the local admins group on the server is a lot more secure than being a member of the domain admins group.  You could even create a local user so you're not even using a domain account.  Obviously use a secure password.  I have similar apps (that need to run as a user with admin rights).  The 'risk' is small enough for me to be prepared to take.

There's obviously something somewhere (possibly a registry key) that server operators etc don't have access to.  You could search the registry for keys used by the apps and give the user account permissions on those if you don't want to use an admin account.
Question has a verified solution.
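
The registry-permission route suggested in the last comment (granting the service account rights on the keys the application uses instead of admin membership) could be scripted as below. This is an added example, not part of the original thread: the key path and account name are placeholders, and it assumes PowerShell is installed on the member server and the script is run by an administrator.

```powershell
# Audit, then optionally grant, a service account's rights on one registry key.
# $KeyPath and $Account are placeholders (assumptions), not values from the thread.
param(
    [string]$KeyPath = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp',  # hypothetical key
    [string]$Account = 'DEV\svc-example',                          # hypothetical account
    [string]$Rights  = 'ReadKey',   # start with read; widen only if the service needs it
    [switch]$Grant
)

function Get-AccountRegistryAce {
    param([string]$Path, [string]$Identity)
    # Returns only ACEs that name the account directly; access that comes
    # through group membership is not listed here.
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity }
}

function Add-AccountRegistryAce {
    param([string]$Path, [string]$Identity, [string]$RightsName)
    $rights  = [System.Security.AccessControl.RegistryRights]$RightsName
    $inherit = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule `
        -ArgumentList $Identity, $rights, $inherit, $prop, $allow
    $acl = Get-Acl -Path $Path
    $acl.AddAccessRule($rule)          # adds to the existing DACL, replaces nothing
    Set-Acl -Path $Path -AclObject $acl
}

if (-not (Test-Path $KeyPath)) { throw "Registry key not found: $KeyPath" }

$before = @(Get-AccountRegistryAce -Path $KeyPath -Identity $Account)
if ($before.Count -eq 0) {
    Write-Output "No ACE names $Account on $KeyPath"
} else {
    $before | Format-Table RegistryRights, AccessControlType, IsInherited -AutoSize
}

if ($Grant) {
    Add-AccountRegistryAce -Path $KeyPath -Identity $Account -RightsName $Rights
    Write-Output "Granted $Rights on $KeyPath (and subkeys) to $Account"
    Get-AccountRegistryAce -Path $KeyPath -Identity $Account |
        Format-Table RegistryRights, AccessControlType, IsInherited -AutoSize
}
```

Run it without `-Grant` first to see the current entries, and restart the service after each change to confirm which key was the blocker.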