How to have system service to access network

TheMSsForum.com: The Microsoft Software Forum

I have a VB app that i runs from a LocalSystem service with
CreateProcessAsUser:
The app gets the token of the service so it runs under LocalSystem too.

When i call in my app that as said run from the Localsystem service to:
WNetAddConnection2, i get error 1312 (ERROR_NO_SUCH_LOGON_SESSION)
In my opinion since a LocalSystem service does not have access to network.
Can i make the app that run from the LocalSystem service to access Network
so that WNetAddConnection2 will work?
I run it on XP pro and Vista - same problem.

(The app and The service must keep running under LocalSystem - i do not want
to change that)

Thanks!
Top

Re: How to have system service to access network by jwgoerlich

jwgoerlich
Wed May 02 07:28:22 CDT 2007

As LocalSystem on computer A, you cannot map a network resource on
computer B using LocalSystem. That would be quite a security hole.
Given that the service must keep running as LocalSystem, could you use
a proxy account to map drives with? Check out
WindowsImpersonationContext.

J Wolfgang Goerlich

On May 1, 9:18 pm, Bob <B...@discussions.microsoft.com> wrote:
> I have a VB app that i runs from a LocalSystem service with
> CreateProcessAsUser:
> The app gets the token of the service so it runs under LocalSystem too.
>
> When i call in my app that as said run from the Localsystem service to:
> WNetAddConnection2, i get error 1312 (ERROR_NO_SUCH_LOGON_SESSION)
> In my opinion since a LocalSystem service does not have access to network.
> Can i make the app that run from the LocalSystem service to access Network
> so that WNetAddConnection2 will work?
> I run it on XP pro and Vista - same problem.
>
> (The app and The service must keep running under LocalSystem - i do not want
> to change that)
>
> Thanks!


Top

Re: How to have system service to access network by Bob

Bob
Wed May 02 11:15:35 CDT 2007

Hi.
I tried to do this:
HANDLE hToken;
BOOL ccode = LogonUser("mylocaluser",
".",
"mylocalpwd",
LOGON32_LOGON_NEW_CREDENTIALS,
LOGON32_PROVIDER_WINNT50,
&hToken);


Then, called ImpersonateLoggedOnUser(),

but still the same error.

More over, i can not use the LogonUser since my pp does not know the user
and password for the local account (but is run AFTER the user login).

Thanks.
"jwgoerlich@gmail.com" wrote:

> As LocalSystem on computer A, you cannot map a network resource on
> computer B using LocalSystem. That would be quite a security hole.
> Given that the service must keep running as LocalSystem, could you use
> a proxy account to map drives with? Check out
> WindowsImpersonationContext.
>
> J Wolfgang Goerlich
>
> On May 1, 9:18 pm, Bob <B...@discussions.microsoft.com> wrote:
> > I have a VB app that i runs from a LocalSystem service with
> > CreateProcessAsUser:
> > The app gets the token of the service so it runs under LocalSystem too.
> >
> > When i call in my app that as said run from the Localsystem service to:
> > WNetAddConnection2, i get error 1312 (ERROR_NO_SUCH_LOGON_SESSION)
> > In my opinion since a LocalSystem service does not have access to network.
> > Can i make the app that run from the LocalSystem service to access Network
> > so that WNetAddConnection2 will work?
> > I run it on XP pro and Vista - same problem.
> >
> > (The app and The service must keep running under LocalSystem - i do not want
> > to change that)
> >
> > Thanks!
>
>
>
Top

Re: How to have system service to access network by jwgoerlich

jwgoerlich
Thu May 10 09:15:27 CDT 2007

You will need to use an account that exists on both the computer
running the service and the computer hosting the files you wish to
access. That is to say, an Active Directory account. If you use a
local account, it will not have permissions to authenticate and pull
down files off of the file server. The only way around that is to
grant Everyone full access on the file server and that would open your
configuration up too much.

As for not knowing the user account ahead of time, recommend storing
the account name and password with the application's settings. You
will want to save it securely, of course, so that the password is not
disclosed.

Regards,

J Wolfgang Goerlich

On May 2, 12:15 pm, Bob <B...@discussions.microsoft.com> wrote:
> Hi.
> I tried to do this:
> HANDLE hToken;
> BOOL ccode = LogonUser("mylocaluser",
> ".",
> "mylocalpwd",
> LOGON32_LOGON_NEW_CREDENTIALS,
> LOGON32_PROVIDER_WINNT50,
> &hToken);
>
> Then, called ImpersonateLoggedOnUser(),
>
> but still the same error.
>
> More over, i can not use the LogonUser since my pp does not know the user
> and password for the local account (but is run AFTER the user login).
>
> Thanks.
>

Top