Solved

2012 Server and permissions NT AUTHORITY\SYSTEM

Posted on 2014-11-17
Last Modified: 2014-11-21
Hello EE,

Our company has a custom exe, ran fine under 2003 server 32 bit, when installing on Windows 2012 64 bit, I receive an error. Upon inspection with Process Monitor, I see FILE LOCKED WITH ONLY READERS, on operation CreateFileMapping C:\Windows\System32\sechost.dll and on C:\Windows\System32\mscoree.dll, this is as user NT AUTHORITY\SYSTEM. So it appears the process cannot access the System32 folder. How would I go about correcting this?
Question by:davesnb
8 Comments
 
LVL 34

Expert Comment

by:it_saige
ID: 40448054
Try right-clicking on the program and choosing 'Run As Administrator'.

-saige-
0
 

Author Comment

by:davesnb
ID: 40448062
It runs as a service.
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40448065
What service user does it run as, e.g. - (LocalSystem, NetworkService)?

-saige-
0

 

Author Comment

by:davesnb
ID: 40448069
Local System Account
0
 
LVL 34

Accepted Solution

by:
it_saige earned 500 total points
ID: 40448091
Local system does have access to the System32 directory.
One advantage of running under the LocalSystem account is that the service has complete unrestricted access to local resources. This is also the disadvantage of LocalSystem because a LocalSystem service can do things that would bring down the entire system. In particular, a service running as LocalSystem on a domain controller (DC) has unrestricted access to Active Directory Domain Services. This means that bugs in the service, or security attacks on the service, can damage the system or, if the service is on a DC, damage the entire enterprise network.
Source

This leads me to believe that there has to be some other issue.

What is the exact error message you receive when you start the service? Also look in the event log to see if there is any additional information.

-saige-
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40448183
Did the developer(s) state it would even work on 2012?
0
 

Author Comment

by:davesnb
ID: 40448600
Process Monitor indicates the account does not have access to the System32 directory. How can this be the case?
0
 

Author Closing Comment

by:davesnb
ID: 40457549
Local system account is indeed executing correctly, misread on Proc Mon, was a lock then a subsequent success on next line.
0
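Added example, not part of the thread or any poster's code: a short Python triage of a Process Monitor CSV export that separates a FILE LOCKED WITH ONLY READERS result followed by SUCCESS on the same file (the pattern described in the closing comment) from an actual ACCESS DENIED. The column names assume Process Monitor's default CSV export; the sample rows, custom.exe, PID 1234, the timestamps and the app.log path are constructed for illustration.

```python
import csv
import io

# Constructed sample rows in Process Monitor's default CSV column layout.
# custom.exe, PID 1234, the times and the app.log path are made up.
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:00.0000001","custom.exe","1234","CreateFileMapping","C:\Windows\System32\sechost.dll","FILE LOCKED WITH ONLY READERS",""
"10:01:00.0000002","custom.exe","1234","CreateFileMapping","C:\Windows\System32\sechost.dll","SUCCESS",""
"10:01:00.0000003","custom.exe","1234","CreateFileMapping","C:\Windows\System32\mscoree.dll","FILE LOCKED WITH ONLY READERS",""
"10:01:00.0000004","custom.exe","1234","CreateFileMapping","C:\Windows\System32\mscoree.dll","SUCCESS",""
"10:01:00.0000005","custom.exe","1234","CreateFile","C:\ProgramData\Custom\app.log","ACCESS DENIED",""
'''

LOCK = "FILE LOCKED WITH ONLY READERS"


def _key(row):
    # Same process, same operation, same file (Windows paths are case-insensitive).
    return (row["PID"], row["Operation"], row["Path"].lower())


def triage(csv_text, lookahead=5):
    """Bucket paths by whether the logged result is a real permission failure.

    lookahead is an assumed window: how many following rows to scan for the
    SUCCESS that completes a lock-then-retry pair.
    """
    # Procmon CSV exports may start with a UTF-8 BOM; drop it before parsing.
    rows = list(csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff"))))
    report = {"benign_lock": [], "unresolved_lock": [], "access_denied": []}
    for i, row in enumerate(rows):
        if row["Result"] == "ACCESS DENIED":
            report["access_denied"].append(row["Path"])
        elif row["Result"] == LOCK:
            later = rows[i + 1:i + 1 + lookahead]
            ok = any(_key(r) == _key(row) and r["Result"] == "SUCCESS" for r in later)
            report["benign_lock" if ok else "unresolved_lock"].append(row["Path"])
    return report


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_CSV).items():
        print(bucket, paths)
```

Paths that land in `unresolved_lock` have no matching SUCCESS inside the window and are the ones worth reading by hand in the full trace.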
