Permissions Issue Prevents Service Manager from Controlling Service

We have services that have been developed in .NET under Visual Studio 2008. The services install with a service manager application that provides a GUI to the service to stop, start, pause it and view its own application error log. We've had no trouble with these services under Windows Server 2003. Now I'm doing some testing on WS2008 and have run into a bizarre permissions issue that has me stumped. I installed the service from the machine's local admin account and installed if for "All Users". Everything works fine from the local admin account. Also works fine from the domain admin account, AND the developer's domain account which has domain admin privileges. But from my domain account, which is set up exaclty the same as the developer's account, I cannot control the service from the service manager GUI. I CAN control it from the Windows Services applet, but NOT from our GUI/manager program. Applicaton log error is below. I tried deleting my user profile from the WS2008 machine and recreating it, but still no luck. Any ideas? Thanks.

Begin application log error:
Log Name:      Application Source:        DeltaPatternAgentMgr
Date:          4/19/2010 10:31:03 AM
Event ID:      0 Task Category: None Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LABSRV1.vsoffice.com
Description:
svcStart_Click error System.InvalidOperationException: Cannot open Delta Pattern Agent service on computer '.'. ---> System.ComponentModel.Win32Exception: Access is denied
--- End of inner exception stack trace --- at System.ServiceProcess.ServiceController.GetServiceHandle(Int32 desiredAccess) at System.ServiceProcess.ServiceController.Start(String[] args) at System.ServiceProcess.ServiceController.Start at PatternAgentMgr.Form1.svcStart_Click(Object sender, EventArgs e) Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"> <System> <Provider Name="DeltaPatternAgentMgr" /> <EventID Qualifiers="0">0</EventID> <Level>2</Level> <Task>0</Task> <Keywords>0x80000000000000</Keywords> <TimeCreated SystemTime="2010-04-19T15:31:03.000Z" /> <EventRecordID>1835</EventRecordID> <Channel>Application</Channel> <Computer>LABSRV1.vsoffice.com</Computer> <Security /> </System> <EventData> <Data>svcStart_Click error System.InvalidOperationException: Cannot open Delta Pattern Agent service on computer '.'. ---&gt; System.ComponentModel.Win32Exception: Access is denied
--- End of inner exception stack trace --- at System.ServiceProcess.ServiceController.GetServiceHandle(Int32 desiredAccess) at System.ServiceProcess.ServiceController.Start(String[] args) at System.ServiceProcess.ServiceController.Start at PatternAgentMgr.Form1.svcStart_Click(Object sender, EventArgs e)</Data> </EventData> </Event>

End application log error
LVL 1
tcianfloneAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Netman66Commented:
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tcianfloneAuthor Commented:
Interesting. I set the local security policy for Run all Administrators in Admin Approval Mode to Disabled and now I can control the service from the service manager GUI that we deploy. Why do you suppose this is happening only with my account and not the developer's account, which has the same domain privilege level as mine? Any additional troubleshooting you suggest?
0
Netman66Commented:
It may be an ownership/permission issue that is carried over from the Dev account and pushed down to the file level.

Re-ACL the files perhaps?  Change ownership to Administrators also.
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

tcianfloneAuthor Commented:
Looks like by default upon installing the service and service manager, the owner is set to SYSTEM. I checked the security tabs of both the service exe and the service manager exe and SYSTEM owns them both. You are suggesting I set the ownership to Admins, correct? Admins and both my account and the developer's account have full control. How would you suggest I re-ACL the files as I have never had to do that? Thanks.
0
Netman66Commented:
If System owns them, then is it set to interact with the desktop?

I'm not sure re-ACLing them is necessary if the owner is already not a specific user.

You could certainly try changing the owner to the Administrator's group for testing.

0
tcianfloneAuthor Commented:
Making the UAC change fixed the problem, but I still don't know why this was an issue on this one service installation where other similar ones did not exhibit this same issue.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
.NET Programming

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.