Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

2012 Server and permissions NT AUTHORITY\SYSTEM

Posted on 2014-11-17
8
342 Views
Last Modified: 2014-11-21
Hello EE,

Our company has a custom exe , ran fine under 2003 server 32 bit , when installing on windows 2012 64 bit , I receive error . Upon inspection with process monitor , I see FILE LOCKED WITH ONLY READERS, on operation CreateFileMapping C:\Windows\System32\sechost.dll and on C:\Windows\System32\mscoree.dll , this is as user NT AUTHORITY\SYSTEM . So it appears the process cannot access the system 32 folder . How would I go about correcting this ?
0
Comment
Question by:davesnb
  • 4
  • 3
8 Comments
 
LVL 33

Expert Comment

by:it_saige
ID: 40448054
Try right-clicking on the program and choosing 'Run As Administrator'.

-saige-
0
 

Author Comment

by:davesnb
ID: 40448062
It runs as a service .
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40448065
What service user does it run as, e.g. - (LocalSystem, NetworkService)?

-saige-
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:davesnb
ID: 40448069
Local System Account
0
 
LVL 33

Accepted Solution

by:
it_saige earned 500 total points
ID: 40448091
Local system does have access to the System32 directory.
One advantage of running under the LocalSystem account is that the service has complete unrestricted access to local resources. This is also the disadvantage of LocalSystem because a LocalSystem service can do things that would bring down the entire system. In particular, a service running as LocalSystem on a domain controller (DC) has unrestricted access to Active Directory Domain Services. This means that bugs in the service, or security attacks on the service, can damage the system or, if the service is on a DC, damage the entire enterprise network.
Source

This leads me to believe that there has to be some other issue.

What is the exact error message you receive when you start the service.  Also look in the event log to see if there is any additional information.

-saige-
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40448183
did the developer(s) state it would even work on 2012?
0
 

Author Comment

by:davesnb
ID: 40448600
Proceess monitor indicates the account does not have access to the system 32 directory. How can this be the case .?
0
 

Author Closing Comment

by:davesnb
ID: 40457549
Local system account is indeed executing correctly , misread on proc mon , was a lock then a subsequent success on next line.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question