Solved

QT executable won't work as service on win

Posted on 2015-01-29
20
72 Views
Last Modified: 2015-05-11
We've made a QT exe and can run it as Admin and tools such as ping, traceroute function properly from within.

But when we try to add my exe as a Service , we get a problem like:

http://superuser.com/questions/290299/how-to-turn-an-executable-file-into-a-service-in-windows-7

Currently testing on win7 but this also needs to work on win8.

What to do?
0
Comment
Question by:projects
  • 9
  • 9
  • 2
20 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 40578179
>> tools such as ping, traceroute function properly from within.

If you are trying to access the network from that app: That's the problem. The 'LocalService' account that services run under by default has almost administrator provileges, but no network access. Just pick a different account for it to run under.
0
 
LVL 86

Expert Comment

by:jkr
ID: 40578584
>>and can run it as Admin

Just to be sure, because it takes some tricks to run an exectuable both as a service and a regular app on Windows: You do have a 'ServiceMain()' (http://msdn.microsoft.com/en-us/library/windows/desktop/ms685138(v=vs.85).aspx) and you do call 'StartServiceCtrlDispatcher()' (https://msdn.microsoft.com/en-us/library/windows/desktop/ms686324%28v=vs.85%29.aspx), don't you? Because if not, you don't have an executable that is fit to work as a Windows service.
0
 

Author Comment

by:projects
ID: 40580368
I think you are talking about MS and we aren't using MS.

We are using C++ QT and runasservice to make this run as a service. The problems are that the user will need a higher level of permissions in order to not only install this but to run it.

What I am trying to find out is how we can accomplish this as a single install where the user doesn't have to be logged in as the admin but can give the installer the rights it needs to install, then to run as a service.
0
Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

 
LVL 86

Accepted Solution

by:
jkr earned 500 total points
ID: 40580415
Well, only administrators and Power Users are allowed to install services. But the problem still remains: You need to assign this service a different account to run under, or you won't get any network access.
0
 

Author Comment

by:projects
ID: 40580496
Yes I understand this but that is my question. How can this be done. I make the assumption that most users who will install this are very non technical so everything has to be done as automatically as possible.
0
 
LVL 86

Expert Comment

by:jkr
ID: 40580618
>>How can this be done

Just create a new account. A regular user account will do. After installing the service open the 'Services' applet in the Control Panel, select your service and choose 'Properties'. Go to the 'Logon' tab, check 'This Account' and enter the user name of that new accounbt and the password. That's it.
0
 

Author Comment

by:projects
ID: 40580994
The issue is that the user would have to mess with the operating system when this is installed.
This needs to be fully automatic when being installed and needs to run without user interaction.
0
 

Author Comment

by:projects
ID: 40581030
Some additional information I can provide is that we are using qt and runasservice to run the app as a service. We need to be able to install and run this without any user interaction other than the user clicking on the install file.
0
 
LVL 86

Expert Comment

by:jkr
ID: 40581065
Hmm, using Qt still does not allow you to act as an exemption for what Windows sets as prerequisites for services that want to access the network.  And I can't change that for you, sorry.

So again, the options basically are:
- create a new user account for your service and use these credentials
- use an existing account and ask for their credentials
And, what I hadn't mentioned:
- use the 'NetworkService' account instead of 'LocalSystem', with the drawback that access to the local computer is quite restricted. If you can live with the latter, even the better.
0
 
LVL 33

Expert Comment

by:sarabande
ID: 40584509
We need to be able to install and run this without any user interaction other than the user clicking on the install file.

it is obvious that a user who doesn't have administrator rights, is not able to install a service with more rights that the user (account) possesses itself. if that would be possible, the system would be open for any virus or trojan without any protection.

if the user is  a local admin, it could be done by starting the setup 'as administrator'. if not, a way out could be to not installing a service but only a client to a server. that means, instead of running a privileged service at each client machine, they just would run a non-privileged client which would connect to a service running at a server. you would need to enhance the current service by a network communication to clients. to make it easy you would run each client session in a separate thread. of course this can only be a solution if you either could provide a server for all the clients, or if you would provide a server installation additionally to the client installation which then could be used for multiple clients at a site.

Sara
0
 

Author Comment

by:projects
ID: 40591689
@Sara, Thanks for the input. I will pass this along.

Basically, I think what I am wanting to find out is how does a non admin user install a piece of software which in turn needs some higher level access in order to run.

I understand about not wanting to open the system up to viruses and so on but if the user allowed the install, then it would not be a hidden install like a virus might be.

BTW, yes, this is a client/server installation where code which runs on the server also communicates with a central server.
0
 
LVL 86

Expert Comment

by:jkr
ID: 40591760
OK, to sum that up: In order to install a service, the installing process will end up calling 'CreateService()'. And MSDN states here

Only processes with Administrator privileges are able to open handles to the SCM that can be used by the CreateService and LockServiceDatabase functions.

(See https://msdn.microsoft.com/en-us/library/windows/desktop/ms685981%28v=vs.85%29.aspx - "Service Security and Access Rights")

I understand your concerns, bit MS has set that requirement. And, for a good reason, I might add.
0
 

Author Comment

by:projects
ID: 40591776
What I am asking however is.... since we need to run the service as a higher level user, and we don't want the user to have to mess with the system, adding accounts etc, can we simply prompt the user when installing the package, that s/he needs to say YES to the installer which is also asking to confirm that a higher level user will be assigned to this service?

I know nothing what so ever about MS, in fact, I cannot stand MS which is why I am asking this question so that the programmer can have some better understanding of how we will deal with the installer.
0
 
LVL 86

Expert Comment

by:jkr
ID: 40591783
BTW, does it really have to be a service or would "Auto Run" (i.e. will be started when the user logs on) also work for you? For that, no admin privileges are required, an entry in "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" will do...
0
 

Author Comment

by:projects
ID: 40591853
The reason behind it being a service is so that once installed, it simply runs, always, while the pc is on, without needing any user interaction.

Auto-run might work also, so long as the installed is allowed/able to add this auto-start and that the code be able to have what ever permissions it needs.
0
 
LVL 33

Expert Comment

by:sarabande
ID: 40591874
we don't want the user to have to mess with the system
you may consider to do the installation from remote by an administrator or by a privileged installation service that already runs at the client machine. that way the non-admin user at most would need to install or configure a non-privileged client (what for example could be automated by 'autorun' as suggested by jkr).

Sara
0
 
LVL 86

Expert Comment

by:jkr
ID: 40591883
Every user can write to their own 'Run' keys, so that should not be an issue.  And that would also fix the network access thing.
0
 

Author Comment

by:projects
ID: 40598910
None of these answers seem to be solutions. The installer needs to make a change to the firewall then it needs full access to networking.
0
 
LVL 86

Expert Comment

by:jkr
ID: 40598921
Actually it is suffifianct when the person who installs the service confirms network access when the service is started the first time...

Which installation tool are you using?
0
 

Author Comment

by:projects
ID: 40600464
Currently, the plan is;
 
http://nsis.sourceforge.net/Features
or
http://www.jrsoftware.org/isinfo.php

The programmer is also considering adding the app as a 'task' with user System. The problem seems to be that the user needs to be logged in for the task to start and what we need is the app to start running immediately as the os starts and not when a user logs in.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
In this post we will learn how to connect and configure Android Device (Smartphone etc.) with Android Studio. After that we will run a simple Hello World Program.
The viewer will be introduced to the technique of using vectors in C++. The video will cover how to define a vector, store values in the vector and retrieve data from the values stored in the vector.

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question