• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 570
  • Last Modified:

Help with securing custom made windows service C#

Experts:

I have a windows service that I created in C# that pretty much acts as an automated turn off and turn on for all the machines.  It's a relatively straight forward service and accesses sections of the computer such as:

Files on hard drive (logging)
Registry (setting retrieval)
SQL Queries (to remote server)

Right now, I have a domain account that has been added into the local administrators group AND has permissions to run services on the computers.  Everything works just fine.  What I want to do is cut this domain account out of the picture and run this as an actual service account:

NetworkService
LocalService
LocalSystem

When I try to run the service as NetworkService or LocalService, it looks to have problems reading from registry AND writing to the files in the designated locations.  When I try to run the service as LocalSystem, it has an issue reading the registry, but it CAN write to the files just fine, so the service doesn't crash, it just logs that there was an error.

Does anyone have suggestions on how I can make this more secure and practical?  I really don't like having to have a domain account run services.

This service runs on Windows XP SP2.
0
piattnd
Asked:
piattnd
  • 5
  • 3
1 Solution
 
piattndAuthor Commented:
A little more information on this:

It looks like the service is erroring when it's trying to do call out to SQL.  Any suggestions?
0
 
brutaldevCommented:
LocalSystem or NetworkService  should have pretty good access to resources on the machine as well as access across the network to a SQL server.

Could you post the actual error message you are getting from the Event Log/Viewer so we can figure out what is really failing here and why? Is it login, network access, etc?
0
 
piattndAuthor Commented:
4/26/2011 12:28:55 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:28:58 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:29:01 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:29:04 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:29:07 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
piattndAuthor Commented:
Code for my SQL connection:

        internal static SqlConnection DBConnect()
        {
            // Define variables for server connection
            string DBUser = "username";
            string DBPass = "password";
            string DBName = "PwrMgr";
            string DBServer = Config.GetDBServer();
            // Attempt connection to SQL Database.
            SqlConnection conn = new SqlConnection("user id=" + DBUser + ";password=" + DBPass + ";server=" + DBServer + ";Trusted_Connection=yes;database=" + DBName + ";connection timeout=15");
           
            try
            {
                conn.Open();
                return conn;
            }
            // Check for errors.
            catch (Exception ex)
            {
                //MessageBox.Show(ex.Message.ToString() + " : " + ex.StackTrace.ToString(), "Load Error");
                  throw ex;
            }
        }
0
 
piattndAuthor Commented:
So I may have figured out what I was doing wrong....

In my SQL connection string, I indicated "Trusted_Connection=yes", which I believe means it's going to try and authenticate with the current running credentials instead of passing the credentials I designated....

I set Trusted_Connection to no and I didn't get the error........sometimes I just love coding!

I'm going to roll with this for a bit and see how it goes, but I'm open to suggestions too!
0
 
brutaldevCommented:
Remove the Trusted_Connection=yes; bit from the connection string.

Also consider using SqlConnectionStringBuilder to build the string up.
0
 
brutaldevCommented:
Yup, beat me to it!
0
 
piattndAuthor Commented:
Thank you for your quick answer on this!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now