Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 280
  • Last Modified:

Application/Executable Failes to Start on a 2003 Member server

Have an application set to start using a Domain account set in the policy to "allow Logon On as a service" . It runs with an account that is a member of "Domain Admins". When I change this to a differnt account whos membership is "server operator" and has full permissions (file permissions) to the executable and all the file system on which the service runs. It always failes until I make it a member of Domain Admins. I do not wish it to be a member of Domain Admins for security reasons. Any ideas .....

Event Log errors are :-
Source :Userenv  EventID:1517

Windows saved user DEV\suping registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.

 This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Source:1524     EventID:Userenv

Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  


Source : VsJITDebugger      EventID: 4096

An unhandled exception ('System.UnauthorizedAccessException') occurred in ImageHandlerService.exe [4000]. Just-In-Time debugging this exception failed with the following error: Debugger could not be started because no user is logged on.

0
ccfcfc
Asked:
ccfcfc
  • 2
1 Solution
 
DarylxCommented:
Have you tried adding the domain user account to the LOCAL admininsrators group on the member server?
0
 
ccfcfcAuthor Commented:
Yes I have done that and it resolves the issue. Just a tad worried about the knock on effect for security . Was hopign there might be another way to get round this

0
 
DarylxCommented:
Being a member of the local admins group on the server is a lot more secure than being a member of the domain admins group.  You could even create a local user so you're not even using a domain account.  Obviously use a secure password.  I have similar apps (that need to run as a user with admin rights).  The 'risk' is small enough for me to be prepared to take.

There's obviously something somewhere (possibly a registry key) that server operators etc don't have access to.  You could search the registry for keys used by the apps and give the user account permissions on those if you don't want to use an admin account.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now