Solved

Application/Executable Failes to Start on a 2003 Member server

Posted on 2009-03-31
3
268 Views
Last Modified: 2012-05-06
Have an application set to start using a Domain account set in the policy to "allow Logon On as a service" . It runs with an account that is a member of "Domain Admins". When I change this to a differnt account whos membership is "server operator" and has full permissions (file permissions) to the executable and all the file system on which the service runs. It always failes until I make it a member of Domain Admins. I do not wish it to be a member of Domain Admins for security reasons. Any ideas .....

Event Log errors are :-
Source :Userenv  EventID:1517

Windows saved user DEV\suping registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Source:1524     EventID:Userenv

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  


Source : VsJITDebugger      EventID: 4096

An unhandled exception ('System.UnauthorizedAccessException') occurred in ImageHandlerService.exe [4000]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

0
Comment
Question by:ccfcfc
  • 2
3 Comments
 
LVL 10

Accepted Solution

by:
Darylx earned 500 total points
Comment Utility
Have you tried adding the domain user account to the LOCAL admininsrators group on the member server?
0
 

Author Comment

by:ccfcfc
Comment Utility
Yes I have done that and it resolves the issue. Just a tad worried about the knock on effect for security . Was hopign there might be another way to get round this

0
 
LVL 10

Expert Comment

by:Darylx
Comment Utility
Being a member of the local admins group on the server is a lot more secure than being a member of the domain admins group.  You could even create a local user so you're not even using a domain account.  Obviously use a secure password.  I have similar apps (that need to run as a user with admin rights).  The 'risk' is small enough for me to be prepared to take.

There's obviously something somewhere (possibly a registry key) that server operators etc don't have access to.  You could search the registry for keys used by the apps and give the user account permissions on those if you don't want to use an admin account.
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now