Solved

2012 Server and permissions NT AUTHORITY\SYSTEM

Posted on 2014-11-17
8
410 Views
Last Modified: 2014-11-21
Hello EE,

Our company has a custom exe , ran fine under 2003 server 32 bit , when installing on windows 2012 64 bit , I receive error . Upon inspection with process monitor , I see FILE LOCKED WITH ONLY READERS, on operation CreateFileMapping C:\Windows\System32\sechost.dll and on C:\Windows\System32\mscoree.dll , this is as user NT AUTHORITY\SYSTEM . So it appears the process cannot access the system 32 folder . How would I go about correcting this ?
0
Comment
Question by:davesnb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
8 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40448054
Try right-clicking on the program and choosing 'Run As Administrator'.

-saige-
0
 

Author Comment

by:davesnb
ID: 40448062
It runs as a service .
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40448065
What service user does it run as, e.g. - (LocalSystem, NetworkService)?

-saige-
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:davesnb
ID: 40448069
Local System Account
0
 
LVL 34

Accepted Solution

by:
it_saige earned 500 total points
ID: 40448091
Local system does have access to the System32 directory.
One advantage of running under the LocalSystem account is that the service has complete unrestricted access to local resources. This is also the disadvantage of LocalSystem because a LocalSystem service can do things that would bring down the entire system. In particular, a service running as LocalSystem on a domain controller (DC) has unrestricted access to Active Directory Domain Services. This means that bugs in the service, or security attacks on the service, can damage the system or, if the service is on a DC, damage the entire enterprise network.
Source

This leads me to believe that there has to be some other issue.

What is the exact error message you receive when you start the service.  Also look in the event log to see if there is any additional information.

-saige-
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40448183
did the developer(s) state it would even work on 2012?
0
 

Author Comment

by:davesnb
ID: 40448600
Proceess monitor indicates the account does not have access to the system 32 directory. How can this be the case .?
0
 

Author Closing Comment

by:davesnb
ID: 40457549
Local system account is indeed executing correctly , misread on proc mon , was a lock then a subsequent success on next line.
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The following article is comprised of the pearls we have garnered deploying virtualization solutions since Virtual Server 2005 and subsequent 2008 RTM+ Hyper-V in standalone and clustered environments.
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question