TCP/IP communication blocked when running a service as SYSTEM on W

Posted by Gerbmeister on November 21, 2006, 3:50 pm
I have an app that I can run as a service as well. It is a message service
that communicates to a server on port 443 (SSL). When I run it as an app on
a 2003 Server R2 Standard Edition, it works. If I run it as a service under
a specific account (administrator, for example), it works. If I try to have
it run under the Local System Account, it fails (cannot communicate to the
message service).
Is there some security setting that I need to set in order for this to run
as SYSTEM? This box is set up as a Domain Controller, I don't know if that
plays into this problem or not. I have other w2k3 boxes that this works fine
on. I just can't see what I need to change. Any ideas?

Posted by Roger Abell [MVP] on November 21, 2006, 11:47 pm
Have you tried configuring it as a service running in Network Service
context instead of System context? That is what the Network Service account
is intended to be used for.

> I have an app that I can run as a service as well. It is a message service
> that communicates to a server on port 443 (SSL). When I run it as an app on
> a 2003 Server R2 Standard Edition, it works. If I run it as a service under
> a specific account (administrator, for example), it works. If I try to have
> it run under the Local System Account, it fails (cannot communicate to the
> message service).
> Is there some security setting that I need to set in order for this to run
> as SYSTEM? This box is set up as a Domain Controller, I don't know if that
> plays into this problem or not. I have other w2k3 boxes that this works fine
> on. I just can't see what I need to change. Any ideas?



Posted by Gerbmeister on November 22, 2006, 3:09 pm
How do I do that? When I go to services and edit the properties for my
service, the Log On tab shows I can log on as Local System account or specify
a user account.

"Roger Abell [MVP]" wrote:

> Have you tried configuring it as a service running in Network Service
> context instead of System context? That is what the Network Service account
> is intended to be used for.
>
> > I have an app that I can run as a service as well. It is a message service
> > that communicates to a server on port 443 (SSL). When I run it as an app on
> > a 2003 Server R2 Standard Edition, it works. If I run it as a service under
> > a specific account (administrator, for example), it works. If I try to have
> > it run under the Local System Account, it fails (cannot communicate to the
> > message service).
> > Is there some security setting that I need to set in order for this to run
> > as SYSTEM? This box is set up as a Domain Controller, I don't know if that
> > plays into this problem or not. I have other w2k3 boxes that this works fine
> > on. I just can't see what I need to change. Any ideas?

Posted by Gerbmeister on November 22, 2006, 3:16 pm
I see how to run as the "NT AUTHORITY\NetworkService". What password does
this account use?

"Gerbmeister" wrote:

> How do I do that? When I go to services and edit the properties for my
> service, the Log On tab shows I can log on as Local System account or specify
> a user account.
>
> "Roger Abell [MVP]" wrote:
>
> > Have you tried configuring it as a service running in Network Service
> > context instead of System context? That is what the Network Service account
> > is intended to be used for.
> >
> > > I have an app that I can run as a service as well. It is a message service
> > > that communicates to a server on port 443 (SSL). When I run it as an app on
> > > a 2003 Server R2 Standard Edition, it works. If I run it as a service under
> > > a specific account (administrator, for example), it works. If I try to have
> > > it run under the Local System Account, it fails (cannot communicate to the
> > > message service).
> > > Is there some security setting that I need to set in order for this to run
> > > as SYSTEM? This box is set up as a Domain Controller, I don't know if that
> > > plays into this problem or not. I have other w2k3 boxes that this works fine
> > > on. I just can't see what I need to change. Any ideas?

Posted by Gerbmeister on November 22, 2006, 12:50 pm
As a followup:
I have found that it is not specific to 2003 Server. I have an XPPro SP2 box
that has the same problem. Both boxes are running in a domain. I am
checking the other boxes that have problems to see if they are running in a
domain as well.
Is there some security setting in the domain that is missing in order for
this to run successfully?

"Gerbmeister" wrote:

> I have an app that I can run as a service as well. It is a message service
> that communicates to a server on port 443 (SSL). When I run it as an app on
> a 2003 Server R2 Standard Edition, it works. If I run it as a service under
> a specific account (administrator, for example), it works. If I try to have
> it run under the Local System Account, it fails (cannot communicate to the
> message service).
> Is there some security setting that I need to set in order for this to run
> as SYSTEM? This box is set up as a Domain Controller, I don't know if that
> plays into this problem or not. I have other w2k3 boxes that this works fine
> on. I just can't see what I need to change. Any ideas?
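
One way to apply the suggestion made earlier in the thread, running the service as Network Service rather than Local System (an added example, not part of the original thread). It assumes PowerShell 3.0 or later in an elevated session; `MyMessageService` and the function name are placeholders. The built-in account has no password, so an empty string is supplied.

```powershell
# Added example, not from the thread. 'MyMessageService' is a placeholder name.
function Set-ServiceLogonToNetworkService {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([Parameter(Mandatory = $true)][string]$Name)

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }
    Write-Verbose "Current logon account: $($svc.StartName)"

    # Only touch services that currently run as Local System.
    if ($svc.StartName -ne 'LocalSystem') {
        Write-Warning "'$Name' runs as $($svc.StartName), not LocalSystem; leaving it unchanged."
        return $svc.StartName
    }
    # A service allowed to interact with the desktop must run as LocalSystem.
    if ($svc.DesktopInteract) {
        throw "'$Name' is marked 'interact with desktop'; clear that flag first."
    }
    if ($PSCmdlet.ShouldProcess($Name, 'Change logon account to NT AUTHORITY\NetworkService')) {
        # Built-in service accounts have no password: pass an empty string.
        $r = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
            StartName     = 'NT AUTHORITY\NetworkService'
            StartPassword = ''
        }
        if ($r.ReturnValue -ne 0) { throw "Win32_Service.Change returned $($r.ReturnValue)." }
        Restart-Service -Name $Name   # the new account takes effect on the next start
    }
    # Report the account the service is now configured to use.
    (Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'").StartName
}

# Preview first, then apply:
# Set-ServiceLogonToNetworkService -Name 'MyMessageService' -WhatIf
# Set-ServiceLogonToNetworkService -Name 'MyMessageService' -Verbose
```

Network Service has far fewer local rights than Local System, so the service's files and registry keys must grant that account the access the service needs before the switch.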
