?
Solved

2012 Server and permissions NT AUTHORITY\SYSTEM

Posted on 2014-11-17
8
Medium Priority
?
451 Views
Last Modified: 2014-11-21
Hello EE,

Our company has a custom exe , ran fine under 2003 server 32 bit , when installing on windows 2012 64 bit , I receive error . Upon inspection with process monitor , I see FILE LOCKED WITH ONLY READERS, on operation CreateFileMapping C:\Windows\System32\sechost.dll and on C:\Windows\System32\mscoree.dll , this is as user NT AUTHORITY\SYSTEM . So it appears the process cannot access the system 32 folder . How would I go about correcting this ?
0
Comment
Question by:davesnb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40448054
Try right-clicking on the program and choosing 'Run As Administrator'.

-saige-
0
 

Author Comment

by:davesnb
ID: 40448062
It runs as a service .
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40448065
What service user does it run as, e.g. - (LocalSystem, NetworkService)?

-saige-
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 

Author Comment

by:davesnb
ID: 40448069
Local System Account
0
 
LVL 34

Accepted Solution

by:
it_saige earned 1500 total points
ID: 40448091
Local system does have access to the System32 directory.
One advantage of running under the LocalSystem account is that the service has complete unrestricted access to local resources. This is also the disadvantage of LocalSystem because a LocalSystem service can do things that would bring down the entire system. In particular, a service running as LocalSystem on a domain controller (DC) has unrestricted access to Active Directory Domain Services. This means that bugs in the service, or security attacks on the service, can damage the system or, if the service is on a DC, damage the entire enterprise network.
Source

This leads me to believe that there has to be some other issue.

What is the exact error message you receive when you start the service.  Also look in the event log to see if there is any additional information.

-saige-
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40448183
did the developer(s) state it would even work on 2012?
0
 

Author Comment

by:davesnb
ID: 40448600
Proceess monitor indicates the account does not have access to the system 32 directory. How can this be the case .?
0
 

Author Closing Comment

by:davesnb
ID: 40457549
Local system account is indeed executing correctly , misread on proc mon , was a lock then a subsequent success on next line.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Resolve DNS query failed errors for Exchange
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question