I am having an issue launching a process from the system account. I just want to make it clear that I am not trying to run it under an interactive session, nor trying to impersonate any account. All I am trying to do is launch a process from the system account into the same session. The session in which the NTAUTHORITY\SYSTEM resides is 0 I believe.
I created a simple Windows Service that basically just uses Process.start to launch the executable. The Service is a system service.
I installed the service using SC as such:
sc create "MYSERVICE" binpath= "C:\Projects\MyService\MyService.exe" displayname= "My Awesome Service"
When I try to manually start the service I get a prompt that says "The ServiceName service on local computers started and then stopped. Some services stop Automatically if they are not in use by other services or programs."
Along with this the executable is never actually started. When monitoring it in processhacker I can see that the service does start, but the executable it attempts doesn't. Can anyone help me figure out why?
As I stated earlier my service is very basic, all it does is try and launch the executable when started:
protected override void OnStart(string[] args)
{
Process.Start("svrexec.exe");
}
protected override void OnStop()
{
}
Did you specify full path to your executable? The working folder for the system user is %windir%\System32.
Try Path.Combine(AppDomain.CurrentDomain.BaseDirectory, "svrexec.exe"), or set Environment.CurrentDirectory = AppDomain.CurrentDomain.BaseDirectory
Are you 100% sure it's not running?
I tried and mine is running under the SYSTEM User Name
check Show processes from all users in Task Manager
Related
I am trying to launch a process from a web page's back-end code/app pool. This process will launch an App that i built myself.
For some reason, the process only works / runs when i start it from VS2013... it never works when i launch it from IIS(7.5) itself.
I am on a Windows 7 machine (both IIS host, and App location), and I've setup my web site to only be accessible via internal network.
Here's the code, followed by the config / attempts to fix the issue:
protected void btn_DoIt_Click(object sender, EventArgs e)
{
string file_text = this.txt_Urls.Text;
if (!String.IsNullOrWhiteSpace(file_text))
File.WriteAllText(ConfigurationManager.AppSettings["filePath"], file_text);
ProcessStartInfo inf = new ProcessStartInfo();
SecureString ss = GetSecureString("SomePassword");
inf.FileName = #"........\bin\Release\SomeExecutable.exe";
inf.Arguments = ConfigurationManager.AppSettings["filePath"];
inf.UserName = "SomeUserName";
inf.Password = ss;
inf.UseShellExecute = false;
//launch desktop app, but don't close it in case we want to see the results!
try
{
Process.Start(inf);
}
catch(Exception ex)
{
this.txt_Urls.Text = ex.Message;
}
this.txt_Urls.Enabled = false;
this.btn_DoIt.Enabled = false;
this.txt_Urls.Text = "Entries received and process started. Check local machine for status update, or use refresh below.";
}
Here are the things I've tried to resolve the issue:
Made sure the executing assembly was built with AnyCPU instead of
x86
Ensured that the AppPool that runs the app, also runs under the same account (SomeUsername) as the ProcessStartInfo specified.
Ensured that the specific user account has full access to the executable's folder.
Ensured that IIS_USR has full access to the executable's folder.
Restarted both the app pool and IIS itself many times over implementing these fixes
I am now at a loss as to why this simply will not launch the app... when i first looked into the event log, i saw that the app would die immediately with code 1000:KERNELBASE.dll, which got me on the AnyCPU config instead of X86 fix... that fixed the event log entries but the app still doesn't start (nothing comes up in task manager), and i get no errors in the event log...
if someone could help me fix this problem i would really appreciate it. This would allow me to perform specific tasks on my main computer from any device on my network (phone, tablet, laptop, etc etc) without having to be in front of my main PC...
UPDATE
The comment to my OP, and ultimate answer from #Bradley Uffner actually nailed the problem on the head: My "app" is actually a desktop application with a UI, and in order to run that application, IIS would need to be able to get access to the desktop and the UI, just like if it were a person sitting down in front of the PC. This of course is not the case since IIS is running only as a service account and it makes sense that it shouldn't be launching UI programs in the background. Also see his answer for one way of getting around this.
Your best bet might be to try writing this as 2 parts. A web site that posts commands to a text file (or database, or some other persistent storage), and a desktop application that periodically polls that file (database, etc) for changes and executes those commands. You could write out the entire command line, including exe path command arguments, and switches.
This is the only way I can really think of to allow a service application like IIS to execute applications that require a desktop context with a logged in user.
You should assign a technical user with enough high priviliges to the running application pool. By default the application pool is running with ApplicationPoolIdentity identy which has a very low priviliges.
Basically I need my application to run from system start until system shutdown. I figured out the following approach:
create MyApp.exe and MyService.exe
MyApp should install MyService as a service
MyService is supposed to run at startup and periodically check if MyApp is running. If it's not than start it.
That's the code I wrote for my service:
protected override void OnStart(string[] args)
{
while(true)
{
int processesCount =
Process.GetProcessesByName(Settings.Default.MyAppName).Count() +
Process.GetProcessesByName(Settings.Default.MyAppName + ".vshost").Count() +
Process.GetProcessesByName(Settings.Default.MyAppUpdaterName).Count();
if(processesCount==0)
{
//restore
var p = new Process { StartInfo = { FileName = Settings.Default.MyAppName, Arguments = "" } };
p.Start();
}
else
{
}
System.Threading.Thread.Sleep(3000);
}
}
How can I install this process so that it starts on windows start?
I'm not sure if this infinite loop in OnStart method is a good idea. Is it?
Is the general idea ok?
What I've done is have a windows service that runs the logic and main application code. Then if you need a GUI for it, have the windows service expose a web service via WCF and create a windows app that calls to the web service. On install, put you windows app in the windows startup.
This model will have the main application code running all the time, but the GUI is only up when a user is logged in.
Is the general idea ok?
As Hans points out in comments this is hostile to the user and fortunately won't work on Vista or later because services run in their own windows station. Put whatever logic you need to run all the time in the service and use an IPC mechanism such as WCF to communicate with an (optionally) running UI. If the user disables the service or exits the GUI respect their wishes...
How can I install this process so that it starts on windows start?
Add an entry to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run or HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Runthat points to your GUI application.
I'm not sure if this infinite loop in OnStart method is a good idea.
Is it?
No. You need to return from OnStart if you need to do work after OnStart returns create a Thread to do that work.
I have a created window service and installed successfully. I have enclosed a exe file in service but it does not start .exe.
Protected Overrides Sub OnStart(ByVal args() As String)
System.Diagnostics.Process.Start("C:\Users\Dr.Fazan\Desktop\Debug\Macro Recording System.exe")
You should add a Logger class to your service, and catch any unhandled exceptions.
You're probably getting an exception when trying to Start() your process.
My guess is that your service is lacking the right permissions to launch that .EXE file
You can try changing the User on which your service runs on (through the control panel, or, through the command line.
Windows service doesn't usually have rights to start a new process for security reasons. You will need to grant these rights first.
One of the possible way to do that is log service on as administrator. Right-click on the service in services.msc > Properties > Log On > This account. I am only aware of this method, but it must only work for testing and must never be used in production due to the opened security hole.
I am trying to start an external process from a .NET Windows service. In the past I have used the Process.Start() overload that takes the executable path and a command line string. This works. But now I would like to start the process and have it run in the context of a particular user. So I call this version of Start()
public static Process Start(
string fileName,
string userName,
SecureString password,
string domain)
However, when I call the method, the application I am trying to run generates an unhandled exception:
The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.
I have tried to start different applications and they all generate the same exception. I have run the code outside of the Windows service and the application starts correctly.
So is there a way to get this to work in a Windows service?
Maybe the user has to have, "logon as a service" security right. This is done with the "local security policy" application. And/or "logon as a batch job".
This is very similar to this question here. The answer is usually due to security issues with the desktop and window station in which the process is being run. See this article for an explanation and some sample code.
This is just a shot in the dark, but perhaps you can try to run the Windows Service in Interactive mode. If that works, though, this can't be done in Windows Vista (because of Session 0 Isolation).
Use Filemon and see if it is trying to open a config file and not finding it. I once had this error due to a malformed config.
I'm trying to deploy a service that I wrote. Here's the InstallLog file:
Installing assembly 'c:\Users\brwatson\Development\Projects\TweetLinks\TweetLinkQueue\bin\Debug\TweetLinkQueue.exe'.
Affected parameters are:
logtoconsole =
assemblypath = c:\Users\brwatson\Development\Projects\TweetLinks\TweetLinkQueue\bin\Debug\TweetLinkQueue.exe
logfile = c:\Users\brwatson\Development\Projects\TweetLinks\TweetLinkQueue\bin\Debug\TweetLinkQueue.InstallLog
Installing service TweetLinkService...
Creating EventLog source TweetLinkService in log Application...
Rolling back assembly 'c:\Users\brwatson\Development\Projects\TweetLinks\TweetLinkQueue\bin\Debug\TweetLinkQueue.exe'.
Affected parameters are:
logtoconsole =
assemblypath = c:\Users\brwatson\Development\Projects\TweetLinks\TweetLinkQueue\bin\Debug\TweetLinkQueue.exe
logfile = c:\Users\brwatson\Development\Projects\TweetLinks\TweetLinkQueue\bin\Debug\TweetLinkQueue.InstallLog
Restoring event log to previous state for source TweetLinkService.
An exception occurred during the Rollback phase of the System.Diagnostics.EventLogInstaller installer.
System.Security.SecurityException: The source was not found, but some or all event logs could not be searched. Inaccessible logs: Security.
An exception occurred during the Rollback phase of the installation. This exception will be ignored and the rollback will continue. However, the machine might not fully revert to its initial state after the rollback is complete.
As you can see, it's not working. I am not sure how to proceed, and have hit the wall with Bing and Google. I have set the Account to LocalSystem for the serviceProcessInstaller1. The code compiles fine, but now I would like to run the thing...any ideas? I am an administrator on my box, and I am running the command:
InstallUtil TweetLinkQueue.exe
from the VS2008 admin console.
UPDATED WITH /ShowCallStack option
Call Stack
An exception occurred during the Install phase.
System.Security.SecurityException: The source was not found, but some or all eve
nt logs could not be searched. Inaccessible logs: Security.
at System.Diagnostics.EventLog.FindSourceRegistration(String source, String m
achineName, Boolean readOnly)
at System.Diagnostics.EventLog.SourceExists(String source, String machineName
)
at System.Diagnostics.EventLogInstaller.Install(IDictionary stateSaver)
at System.Configuration.Install.Installer.Install(IDictionary stateSaver)
at System.ServiceProcess.ServiceInstaller.Install(IDictionary stateSaver)
at System.Configuration.Install.Installer.Install(IDictionary stateSaver)
at System.Configuration.Install.Installer.Install(IDictionary stateSaver)
at System.Configuration.Install.AssemblyInstaller.Install(IDictionary savedSt
ate)
at System.Configuration.Install.Installer.Install(IDictionary stateSaver)
at System.Configuration.Install.TransactedInstaller.Install(IDictionary saved
State)
and here is the constructor:
public TweetLinkService()
{
InitializeComponent();
if (!EventLog.SourceExists("TweetLinkQueue"))
{
EventLog.CreateEventSource("TweetLinkQueue", "Log");
TweetLinksLog.Source = "TweetLinkQueue";
TweetLinksLog.Log = "Log";
TweetLinksLog.WriteEntry("Log Created!");
}
}
UPDATED with ENtry Point:
namespace TweetLinkQueue
{
static class Program
{
/// <summary>
/// The main entry point for the application.
/// </summary>
static void Main()
{
ServiceBase[] ServicesToRun;
ServicesToRun = new ServiceBase[]
{
new TweetLinkService()
};
ServiceBase.Run(ServicesToRun);
}
}
}
I was just having this issue and it was because I wasn't running my visual studio command prompt as an administrator.
I'm not sure what your specific problem is. It looks to me like the problem occurs while creating the EventLog source. Double-check that you've done that part correctly. You can reference the step-by-step here. EDIT: SPECIFICALLY LOOK AT STEP 9. The problem may be occuring because you're messing with the Application log instead of one specific to your application.
There's nothing wrong with using InstallUtil, but if you need to install your service on a foreign machine, InstallUtil is not guaranteed to be there. You can follow this step-by-step to make your Windows service executable install/uninstall itself without the need of InstallUtil. See here for those instructions.
To solve this issue right click on your Visual Studio 2008 Command Prompt and click run as administrator then you run your command like installutil C:\mcWebService\bin\Debug\mcWebService.exe
then it will show you successful message.
Hope this will solve your solution.
The LocalSystem account doesn't normally have permission to read the Security event log (or to create event sources for that matter).
The easiest and safest solution is to create an event source installation program that you can run under your own administration-level credentials on any machine for which you'll want to run this. It might be even worth trying this as a simple test, just to see if your account has the permission to do this.
class Program {
static void Main(string[] args) {
EventLog.CreateEventSource("TestSource", "Application");
}
}
If you execute that, does it succeed? You can check it by looking at the Application log's properties and browsing the Event sources on its Filter tab.
Alternately, since services have to be installed anyway, you could add an EventLogInstaller (which is misnamed - it's really an 'EventSourceInstaller' that will create EventLogs as needed) to the assembly instead of using EventLog.CreateEventSource in the service's constructor.
My issue was a window was popping to enter credentials and I was entering my username without the domain. Once I entered domain\username all was fine.
I got the same unexplainable errors when installing windows services.
In our case the user was the problem.
Installing the server with the administrator-user worked, but not for a local admin. This, however, is not a preferred solution, so we used this information to create a different user that could install the service.