Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Application/Executable Failes to Start on a 2003 Member server

Posted on 2009-03-31
3
Medium Priority
?
278 Views
Last Modified: 2012-05-06
Have an application set to start using a Domain account set in the policy to "allow Logon On as a service" . It runs with an account that is a member of "Domain Admins". When I change this to a differnt account whos membership is "server operator" and has full permissions (file permissions) to the executable and all the file system on which the service runs. It always failes until I make it a member of Domain Admins. I do not wish it to be a member of Domain Admins for security reasons. Any ideas .....

Event Log errors are :-
Source :Userenv  EventID:1517

Windows saved user DEV\suping registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Source:1524     EventID:Userenv

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  


Source : VsJITDebugger      EventID: 4096

An unhandled exception ('System.UnauthorizedAccessException') occurred in ImageHandlerService.exe [4000]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

0
Comment
Question by:ccfcfc
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Darylx earned 2000 total points
ID: 24027011
Have you tried adding the domain user account to the LOCAL admininsrators group on the member server?
0
 

Author Comment

by:ccfcfc
ID: 24027117
Yes I have done that and it resolves the issue. Just a tad worried about the knock on effect for security . Was hopign there might be another way to get round this

0
 
LVL 10

Expert Comment

by:Darylx
ID: 24027174
Being a member of the local admins group on the server is a lot more secure than being a member of the domain admins group.  You could even create a local user so you're not even using a domain account.  Obviously use a secure password.  I have similar apps (that need to run as a user with admin rights).  The 'risk' is small enough for me to be prepared to take.

There's obviously something somewhere (possibly a registry key) that server operators etc don't have access to.  You could search the registry for keys used by the apps and give the user account permissions on those if you don't want to use an admin account.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
Learn about cloud computing and its benefits for small business owners.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question