We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Help with securing custom made windows service C#

piattnd
piattnd asked
on
Medium Priority
589 Views
Last Modified: 2013-12-04
Experts:

I have a windows service that I created in C# that pretty much acts as an automated turn off and turn on for all the machines.  It's a relatively straight forward service and accesses sections of the computer such as:

Files on hard drive (logging)
Registry (setting retrieval)
SQL Queries (to remote server)

Right now, I have a domain account that has been added into the local administrators group AND has permissions to run services on the computers.  Everything works just fine.  What I want to do is cut this domain account out of the picture and run this as an actual service account:

NetworkService
LocalService
LocalSystem

When I try to run the service as NetworkService or LocalService, it looks to have problems reading from registry AND writing to the files in the designated locations.  When I try to run the service as LocalSystem, it has an issue reading the registry, but it CAN write to the files just fine, so the service doesn't crash, it just logs that there was an error.

Does anyone have suggestions on how I can make this more secure and practical?  I really don't like having to have a domain account run services.

This service runs on Windows XP SP2.
Comment
Watch Question

Author

Commented:
A little more information on this:

It looks like the service is erroring when it's trying to do call out to SQL.  Any suggestions?
LocalSystem or NetworkService  should have pretty good access to resources on the machine as well as access across the network to a SQL server.

Could you post the actual error message you are getting from the Event Log/Viewer so we can figure out what is really failing here and why? Is it login, network access, etc?

Author

Commented:
4/26/2011 12:28:55 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:28:58 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:29:01 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:29:04 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()
4/26/2011 12:29:07 PM:::System.Data.SqlClient.SqlException: Login failed for user 'Domain\Computer$'.
   at PwrMgr.Database.GetShutdownTimes()
   at PwrMgr.Config.PullConfig()

Author

Commented:
Code for my SQL connection:

        internal static SqlConnection DBConnect()
        {
            // Define variables for server connection
            string DBUser = "username";
            string DBPass = "password";
            string DBName = "PwrMgr";
            string DBServer = Config.GetDBServer();
            // Attempt connection to SQL Database.
            SqlConnection conn = new SqlConnection("user id=" + DBUser + ";password=" + DBPass + ";server=" + DBServer + ";Trusted_Connection=yes;database=" + DBName + ";connection timeout=15");
           
            try
            {
                conn.Open();
                return conn;
            }
            // Check for errors.
            catch (Exception ex)
            {
                //MessageBox.Show(ex.Message.ToString() + " : " + ex.StackTrace.ToString(), "Load Error");
                  throw ex;
            }
        }

Author

Commented:
So I may have figured out what I was doing wrong....

In my SQL connection string, I indicated "Trusted_Connection=yes", which I believe means it's going to try and authenticate with the current running credentials instead of passing the credentials I designated....

I set Trusted_Connection to no and I didn't get the error........sometimes I just love coding!

I'm going to roll with this for a bit and see how it goes, but I'm open to suggestions too!
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
Yup, beat me to it!

Author

Commented:
Thank you for your quick answer on this!
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.