Windows Service to use LocalSystem to access network drive?

Hello, I'm trying to create a windows service that copies all the files in a directory on a network drive to a local folder.  I am using UNC instead of a mapped name which is passed in from an .ini file.  The serviceprocessinstaller1 is set to LocalSystem account.  The following code always gives me an access denied error.  I am reading that windows services are tricky to get to access network drives and I'm asking how to set this up with the installers.  I tried to use the properties window of the service to use the name and logon of a user but that didnt work either.  The code fails at the If sourceDir.exists part and logs the Log("Source directory is not available: " + SourceDir.FullName).  My question is what is the correct way to set this up:

LocalSystem or one of the other 3?
Local System Account or This account from service properties window?
I don't want to hardcode the account name/password.
Does it matter that I'm using the .msi file generated by the Setup project of the Solution?

Sub CopyDirectory(ByVal SourcePath As String, ByVal DestPath As String, Optional ByVal Overwrite As Boolean = False)
        Dim SourceDir As DirectoryInfo = New DirectoryInfo(SourcePath)
        Dim DestDir As DirectoryInfo = New DirectoryInfo(DestPath)

        Try
            ' the source directory must exist, otherwise throw an exception
            If SourceDir.Exists Then                ' if destination SubDir's parent SubDir does not exist throw an exception
                If Not DestDir.Parent.Exists Then
                    ' Throw New DirectoryNotFoundException("Destination directory does not exist: " + DestDir.Parent.FullName)
                    Log("Destination directory does not exist: " + DestDir.Parent.FullName)

                End If

                If Not DestDir.Exists Then
                    DestDir.Create()
                End If

                ' copy all the files of the current directory
                Dim ChildFile As FileInfo
                For Each ChildFile In SourceDir.GetFiles()
                    If Overwrite Then
                        ChildFile.CopyTo(Path.Combine(DestDir.FullName, ChildFile.Name), True)
                    Else
                        ' if Overwrite = false, copy the file only if it does not exist
                        ' this is done to avoid an IOException if a file already exists
                        ' this way the other files can be copied anyway...
                        If Not File.Exists(Path.Combine(DestDir.FullName, ChildFile.Name)) Then
                            ChildFile.CopyTo(Path.Combine(DestDir.FullName, ChildFile.Name), False)
                        End If
                    End If
                Next

                ' copy all the sub-directories by recursively calling this same routine
                Dim SubDir As DirectoryInfo

                For Each SubDir In SourceDir.GetDirectories()
                    CopyDirectory(SubDir.FullName, Path.Combine(DestDir.FullName, _
                        SubDir.Name), Overwrite)
                Next
                Log("All files copied to destination: " + DestPath)
            Else
                ' Throw New DirectoryNotFoundException("Source directory does not exist: " + SourceDir.FullName)
                Log("Source directory is not available: " + SourceDir.FullName)   
         End If

        Catch ex As Exception
            Log(ex.ToString)
        End Try
    End Sub

Open in new window

zipnoticAsked:
Who is Participating?
 
atea_bjornConnect With a Mentor Commented:
Have you set the proper settings in the GPO to allow Logon as a service  and allow log on locally??

0
 
c1nmoCommented:
Once the service is installed can you not just go into its config and tick 'this account' and enter an account with permissions to the network folder (share and ntfs).
0
 
zipnoticAuthor Commented:
I can but it still wasn't working.  It failed at the same code which makes me think it is something windows domain related or perhaps I had it set to something other than LocalSystem for that attempt.  Should I (regardless of security concerns) be using the LocalSystem account in the processinstaller?
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
c1nmoCommented:
Working ok if you run the code as a standard standalone exe?
0
 
zipnoticAuthor Commented:
Yes, works great as windows forms app.
0
 
c1nmoCommented:
If you check in windows task manager and look for your service exe it will tell you what user it is running under.  If a standalone exe is working, use the account you logon with for the service as a test.
0
 
atea_bjornCommented:
Hi, best practice is to use a named account as service account. If you must use the local system account, then you need to grant the computer account rights to the folder you want to grab files from and to.

I can remember wrong now, but I'm pretty certain that Local System account is not able to run network traffic and that's when they implemented the Network Service account.

But if I would have done this. I would have used a named account with a complex password as the service account. Wich you set up under the properties of the service.

Cheers
Björn
0
 
zipnoticAuthor Commented:
I am using local system and entering user account info in the properties of the service but when I start service it gives a logon error.  I know the logon is correct as that account is what all users log on with so I also know it has rights to needed folders.  I had deleted the winform version but now I may resurrect it and minimize it to tray to avoid this headache unless someone has an idea?
0
 
atea_bjornCommented:
Hi, my guess is that you need to set the property "Allow logon as a service"

http://technet.microsoft.com/en-us/library/cc739424(WS.10).aspx 

Have you tried this?

0
 
zipnoticAuthor Commented:
I will try it as soon as I can, it seems to fit the symptoms.  So, following best practice of creating an account for services: use a localsystem, I need to set it up with rights in the domain, allow it to logon as a service, and once installed provide the credentials in the property window.

Is there an easy way to do some of this stuff with the inataller?
0
 
atea_bjornCommented:
If you are going to use Local System/Network Service you need to grant your computer account rights to the share ie. DOMAIN\Computeraccount$

I hope you have enough answers to help you out now.

Cheers Björn
0
 
zipnoticAuthor Commented:
Still couldn't get the service to connect and the user account is listed security policy for rights to the drive.  Any other ideas before I make this a winform and flush the idea of a service?  I appreciate your help.
0
 
c1nmoCommented:
So the service won't even start under the user account?  What does the event log say?
0
 
zipnoticAuthor Commented:
This seems to be an additional error when I first start the service.  As far as I can see there are no modal boxes to be opened up.  I believe I have the user set up as logon for service in the local security policy on the PC.

9/5/2011 3:40:54 PM System.InvalidOperationException: Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
   at System.Windows.Forms.MessageBox.ShowCore(IWin32Window owner, String text, String caption, MessageBoxButtons buttons, MessageBoxIcon icon, MessageBoxDefaultButton defaultButton, MessageBoxOptions options, Boolean showHelp)
   at System.Windows.Forms.MessageBox.Show(IWin32Window owner, String text, String caption, MessageBoxButtons buttons, MessageBoxIcon icon, MessageBoxDefaultButton defaultButton, MessageBoxOptions options)
   at Microsoft.VisualBasic.Interaction.MsgBox(Object Prompt, MsgBoxStyle Buttons, Object Title)
   at numberService.numberService.Log(String logMessage)
   at numberService.numberService.OnStart(String[] args)
0
 
c1nmoCommented:
You have message boxes?
0
 
zipnoticAuthor Commented:
No. shouldnt be anything remotely close to msgboxes.
0
 
zipnoticAuthor Commented:
Wow.  I actually got it to work on a different pc by using just the pc name in the properties of the service.   On the other pc it always added a .\pcname in the properties logon window.  I dont know why it is adding that or if that is what is causing the denial of access to the drive.  I should mention this is an occasionally connected environment so the drive comes andgoes.
0
 
zipnoticAuthor Commented:
This set me on the right track to fix the symtpom.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.