I have a windows service that I created in C# that pretty much acts as an automated turn off and turn on for all the machines. It's a relatively straight forward service and accesses sections of the computer such as:
Files on hard drive (logging)
Registry (setting retrieval)
SQL Queries (to remote server)
Right now, I have a domain account that has been added into the local administrators group AND has permissions to run services on the computers. Everything works just fine. What I want to do is cut this domain account out of the picture and run this as an actual service account:
When I try to run the service as NetworkService or LocalService, it looks to have problems reading from registry AND writing to the files in the designated locations. When I try to run the service as LocalSystem, it has an issue reading the registry, but it CAN write to the files just fine, so the service doesn't crash, it just logs that there was an error.
Does anyone have suggestions on how I can make this more secure and practical? I really don't like having to have a domain account run services.
This service runs on Windows XP SP2.