Solved

QT executable won't work as service on win

Posted on 2015-01-29
20
62 Views
Last Modified: 2015-05-11
We've made a QT exe and can run it as Admin and tools such as ping, traceroute function properly from within.

But when we try to add my exe as a Service , we get a problem like:

http://superuser.com/questions/290299/how-to-turn-an-executable-file-into-a-service-in-windows-7

Currently testing on win7 but this also needs to work on win8.

What to do?
0
Comment
Question by:projects
  • 9
  • 9
  • 2
20 Comments
 
LVL 86

Expert Comment

by:jkr
Comment Utility
>> tools such as ping, traceroute function properly from within.

If you are trying to access the network from that app: That's the problem. The 'LocalService' account that services run under by default has almost administrator provileges, but no network access. Just pick a different account for it to run under.
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
>>and can run it as Admin

Just to be sure, because it takes some tricks to run an exectuable both as a service and a regular app on Windows: You do have a 'ServiceMain()' (http://msdn.microsoft.com/en-us/library/windows/desktop/ms685138(v=vs.85).aspx) and you do call 'StartServiceCtrlDispatcher()' (https://msdn.microsoft.com/en-us/library/windows/desktop/ms686324%28v=vs.85%29.aspx), don't you? Because if not, you don't have an executable that is fit to work as a Windows service.
0
 

Author Comment

by:projects
Comment Utility
I think you are talking about MS and we aren't using MS.

We are using C++ QT and runasservice to make this run as a service. The problems are that the user will need a higher level of permissions in order to not only install this but to run it.

What I am trying to find out is how we can accomplish this as a single install where the user doesn't have to be logged in as the admin but can give the installer the rights it needs to install, then to run as a service.
0
 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
Comment Utility
Well, only administrators and Power Users are allowed to install services. But the problem still remains: You need to assign this service a different account to run under, or you won't get any network access.
0
 

Author Comment

by:projects
Comment Utility
Yes I understand this but that is my question. How can this be done. I make the assumption that most users who will install this are very non technical so everything has to be done as automatically as possible.
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
>>How can this be done

Just create a new account. A regular user account will do. After installing the service open the 'Services' applet in the Control Panel, select your service and choose 'Properties'. Go to the 'Logon' tab, check 'This Account' and enter the user name of that new accounbt and the password. That's it.
0
 

Author Comment

by:projects
Comment Utility
The issue is that the user would have to mess with the operating system when this is installed.
This needs to be fully automatic when being installed and needs to run without user interaction.
0
 

Author Comment

by:projects
Comment Utility
Some additional information I can provide is that we are using qt and runasservice to run the app as a service. We need to be able to install and run this without any user interaction other than the user clicking on the install file.
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
Hmm, using Qt still does not allow you to act as an exemption for what Windows sets as prerequisites for services that want to access the network.  And I can't change that for you, sorry.

So again, the options basically are:
- create a new user account for your service and use these credentials
- use an existing account and ask for their credentials
And, what I hadn't mentioned:
- use the 'NetworkService' account instead of 'LocalSystem', with the drawback that access to the local computer is quite restricted. If you can live with the latter, even the better.
0
 
LVL 32

Expert Comment

by:sarabande
Comment Utility
We need to be able to install and run this without any user interaction other than the user clicking on the install file.

it is obvious that a user who doesn't have administrator rights, is not able to install a service with more rights that the user (account) possesses itself. if that would be possible, the system would be open for any virus or trojan without any protection.

if the user is  a local admin, it could be done by starting the setup 'as administrator'. if not, a way out could be to not installing a service but only a client to a server. that means, instead of running a privileged service at each client machine, they just would run a non-privileged client which would connect to a service running at a server. you would need to enhance the current service by a network communication to clients. to make it easy you would run each client session in a separate thread. of course this can only be a solution if you either could provide a server for all the clients, or if you would provide a server installation additionally to the client installation which then could be used for multiple clients at a site.

Sara
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:projects
Comment Utility
@Sara, Thanks for the input. I will pass this along.

Basically, I think what I am wanting to find out is how does a non admin user install a piece of software which in turn needs some higher level access in order to run.

I understand about not wanting to open the system up to viruses and so on but if the user allowed the install, then it would not be a hidden install like a virus might be.

BTW, yes, this is a client/server installation where code which runs on the server also communicates with a central server.
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
OK, to sum that up: In order to install a service, the installing process will end up calling 'CreateService()'. And MSDN states here

Only processes with Administrator privileges are able to open handles to the SCM that can be used by the CreateService and LockServiceDatabase functions.

(See https://msdn.microsoft.com/en-us/library/windows/desktop/ms685981%28v=vs.85%29.aspx - "Service Security and Access Rights")

I understand your concerns, bit MS has set that requirement. And, for a good reason, I might add.
0
 

Author Comment

by:projects
Comment Utility
What I am asking however is.... since we need to run the service as a higher level user, and we don't want the user to have to mess with the system, adding accounts etc, can we simply prompt the user when installing the package, that s/he needs to say YES to the installer which is also asking to confirm that a higher level user will be assigned to this service?

I know nothing what so ever about MS, in fact, I cannot stand MS which is why I am asking this question so that the programmer can have some better understanding of how we will deal with the installer.
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
BTW, does it really have to be a service or would "Auto Run" (i.e. will be started when the user logs on) also work for you? For that, no admin privileges are required, an entry in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" will do...
0
 

Author Comment

by:projects
Comment Utility
The reason behind it being a service is so that once installed, it simply runs, always, while the pc is on, without needing any user interaction.

Auto-run might work also, so long as the installed is allowed/able to add this auto-start and that the code be able to have what ever permissions it needs.
0
 
LVL 32

Expert Comment

by:sarabande
Comment Utility
we don't want the user to have to mess with the system
you may consider to do the installation from remote by an administrator or by a privileged installation service that already runs at the client machine. that way the non-admin user at most would need to install or configure a non-privileged client (what for example could be automated by 'autorun' as suggested by jkr).

Sara
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
Every user can write to their own 'Run' keys, so that should not be an issue.  And that would also fix the network access thing.
0
 

Author Comment

by:projects
Comment Utility
None of these answers seem to be solutions. The installer needs to make a change to the firewall then it needs full access to networking.
0
 
LVL 86

Expert Comment

by:jkr
Comment Utility
Actually it is suffifianct when the person who installs the service confirms network access when the service is started the first time...

Which installation tool are you using?
0
 

Author Comment

by:projects
Comment Utility
Currently, the plan is;
 
http://nsis.sourceforge.net/Features
or
http://www.jrsoftware.org/isinfo.php

The programmer is also considering adding the app as a 'task' with user System. The problem seems to be that the user needs to be logged in for the task to start and what we need is the app to start running immediately as the os starts and not when a user logs in.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This is about my first experience with programming Arduino.
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now