Solved

Windows Service to use LocalSystem to access network drive?

Posted on 2011-09-03
18
928 Views
Last Modified: 2012-05-12
Hello, I'm trying to create a windows service that copies all the files in a directory on a network drive to a local folder.  I am using UNC instead of a mapped name which is passed in from an .ini file.  The serviceprocessinstaller1 is set to LocalSystem account.  The following code always gives me an access denied error.  I am reading that windows services are tricky to get to access network drives and I'm asking how to set this up with the installers.  I tried to use the properties window of the service to use the name and logon of a user but that didnt work either.  The code fails at the If sourceDir.exists part and logs the Log("Source directory is not available: " + SourceDir.FullName).  My question is what is the correct way to set this up:

LocalSystem or one of the other 3?
Local System Account or This account from service properties window?
I don't want to hardcode the account name/password.
Does it matter that I'm using the .msi file generated by the Setup project of the Solution?

Sub CopyDirectory(ByVal SourcePath As String, ByVal DestPath As String, Optional ByVal Overwrite As Boolean = False)
        Dim SourceDir As DirectoryInfo = New DirectoryInfo(SourcePath)
        Dim DestDir As DirectoryInfo = New DirectoryInfo(DestPath)

        Try
            ' the source directory must exist, otherwise throw an exception
            If SourceDir.Exists Then                ' if destination SubDir's parent SubDir does not exist throw an exception
                If Not DestDir.Parent.Exists Then
                    ' Throw New DirectoryNotFoundException("Destination directory does not exist: " + DestDir.Parent.FullName)
                    Log("Destination directory does not exist: " + DestDir.Parent.FullName)

                End If

                If Not DestDir.Exists Then
                    DestDir.Create()
                End If

                ' copy all the files of the current directory
                Dim ChildFile As FileInfo
                For Each ChildFile In SourceDir.GetFiles()
                    If Overwrite Then
                        ChildFile.CopyTo(Path.Combine(DestDir.FullName, ChildFile.Name), True)
                    Else
                        ' if Overwrite = false, copy the file only if it does not exist
                        ' this is done to avoid an IOException if a file already exists
                        ' this way the other files can be copied anyway...
                        If Not File.Exists(Path.Combine(DestDir.FullName, ChildFile.Name)) Then
                            ChildFile.CopyTo(Path.Combine(DestDir.FullName, ChildFile.Name), False)
                        End If
                    End If
                Next

                ' copy all the sub-directories by recursively calling this same routine
                Dim SubDir As DirectoryInfo

                For Each SubDir In SourceDir.GetDirectories()
                    CopyDirectory(SubDir.FullName, Path.Combine(DestDir.FullName, _
                        SubDir.Name), Overwrite)
                Next
                Log("All files copied to destination: " + DestPath)
            Else
                ' Throw New DirectoryNotFoundException("Source directory does not exist: " + SourceDir.FullName)
                Log("Source directory is not available: " + SourceDir.FullName)   
         End If

        Catch ex As Exception
            Log(ex.ToString)
        End Try
    End Sub

Open in new window

0
Comment
Question by:zipnotic
  • 9
  • 5
  • 4
18 Comments
 
LVL 6

Expert Comment

by:c1nmo
ID: 36478416
Once the service is installed can you not just go into its config and tick 'this account' and enter an account with permissions to the network folder (share and ntfs).
0
 

Author Comment

by:zipnotic
ID: 36478447
I can but it still wasn't working.  It failed at the same code which makes me think it is something windows domain related or perhaps I had it set to something other than LocalSystem for that attempt.  Should I (regardless of security concerns) be using the LocalSystem account in the processinstaller?
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36478555
Working ok if you run the code as a standard standalone exe?
0
 

Author Comment

by:zipnotic
ID: 36478580
Yes, works great as windows forms app.
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36478615
If you check in windows task manager and look for your service exe it will tell you what user it is running under.  If a standalone exe is working, use the account you logon with for the service as a test.
0
 
LVL 2

Expert Comment

by:atea_bjorn
ID: 36480192
Hi, best practice is to use a named account as service account. If you must use the local system account, then you need to grant the computer account rights to the folder you want to grab files from and to.

I can remember wrong now, but I'm pretty certain that Local System account is not able to run network traffic and that's when they implemented the Network Service account.

But if I would have done this. I would have used a named account with a complex password as the service account. Wich you set up under the properties of the service.

Cheers
Björn
0
 

Author Comment

by:zipnotic
ID: 36480453
I am using local system and entering user account info in the properties of the service but when I start service it gives a logon error.  I know the logon is correct as that account is what all users log on with so I also know it has rights to needed folders.  I had deleted the winform version but now I may resurrect it and minimize it to tray to avoid this headache unless someone has an idea?
0
 
LVL 2

Expert Comment

by:atea_bjorn
ID: 36480514
Hi, my guess is that you need to set the property "Allow logon as a service"

http://technet.microsoft.com/en-us/library/cc739424(WS.10).aspx

Have you tried this?

0
 

Author Comment

by:zipnotic
ID: 36480743
I will try it as soon as I can, it seems to fit the symptoms.  So, following best practice of creating an account for services: use a localsystem, I need to set it up with rights in the domain, allow it to logon as a service, and once installed provide the credentials in the property window.

Is there an easy way to do some of this stuff with the inataller?
0
 
LVL 2

Expert Comment

by:atea_bjorn
ID: 36480876
If you are going to use Local System/Network Service you need to grant your computer account rights to the share ie. DOMAIN\Computeraccount$

I hope you have enough answers to help you out now.

Cheers Björn
0
 

Author Comment

by:zipnotic
ID: 36484392
Still couldn't get the service to connect and the user account is listed security policy for rights to the drive.  Any other ideas before I make this a winform and flush the idea of a service?  I appreciate your help.
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36484448
So the service won't even start under the user account?  What does the event log say?
0
 
LVL 2

Accepted Solution

by:
atea_bjorn earned 500 total points
ID: 36485409
Have you set the proper settings in the GPO to allow Logon as a service  and allow log on locally??

0
 

Author Comment

by:zipnotic
ID: 36485742
This seems to be an additional error when I first start the service.  As far as I can see there are no modal boxes to be opened up.  I believe I have the user set up as logon for service in the local security policy on the PC.

9/5/2011 3:40:54 PM System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
   at System.Windows.Forms.MessageBox.ShowCore(IWin32Window owner, String text, String caption, MessageBoxButtons buttons, MessageBoxIcon icon, MessageBoxDefaultButton defaultButton, MessageBoxOptions options, Boolean showHelp)
   at System.Windows.Forms.MessageBox.Show(IWin32Window owner, String text, String caption, MessageBoxButtons buttons, MessageBoxIcon icon, MessageBoxDefaultButton defaultButton, MessageBoxOptions options)
   at Microsoft.VisualBasic.Interaction.MsgBox(Object Prompt, MsgBoxStyle Buttons, Object Title)
   at numberService.numberService.Log(String logMessage)
   at numberService.numberService.OnStart(String[] args)
0
 
LVL 6

Expert Comment

by:c1nmo
ID: 36485986
You have message boxes?
0
 

Author Comment

by:zipnotic
ID: 36486026
No. shouldnt be anything remotely close to msgboxes.
0
 

Author Comment

by:zipnotic
ID: 36488385
Wow.  I actually got it to work on a different pc by using just the pc name in the properties of the service.   On the other pc it always added a .\pcname in the properties logon window.  I dont know why it is adding that or if that is what is causing the denial of access to the drive.  I should mention this is an occasionally connected environment so the drive comes andgoes.
0
 

Author Closing Comment

by:zipnotic
ID: 36531231
This set me on the right track to fix the symtpom.
0

Join & Write a Comment

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now