Creating a Windows service on a given user account

(Sriram Ravi) #1

Hi Team,

We have a scenario of creating a Windows service with the given user account and with an encrypted password. Here, we don’t know the actual password. The reason is, the user account has administrator privilege to do the service operation (start/create).

The Windows service mainly accesses various server locations of publishing files. For that, this service is created with admin privilege. Therefore, we need to create the Windows service only based on a user account instead of the LocalSystem account, which is a standard in our organisation.

We got stuck with the creation of the Windows service with this requirement.

Could you please help us to fix this?

Regards,
Sriram

(Matt Richardson) #3

Hi Sriram

Thanks for getting in touch! Sorry to see you’re having issues with getting your service to run.

Firstly, can I confirm I understand your question correctly?

You are wanting to deploy a service that runs under a specific user account, but you do not have access to the password?

If that is the case, then unfortunately, this is not possible at a Windows level. If this was possible, this would be an easy privilege execution vulnerability, as you could configure the service to run as someone else and gain access to them.

One thing that might be of interest is Managed Service Accounts - they may work for you in this situation?

If I’ve misunderstood, and you do have access to the password, then you can select Custom user... in the start up options and you should be good to go.

If I’ve misunderstood, please let me know!

Hope that helps!

Regards,
Matt
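
Added example (not part of the original posts): one way to follow the Managed Service Accounts suggestion above using a group Managed Service Account, so the service runs under a domain account whose password Active Directory manages and no person has to know. The account, domain, group, service and path names are hypothetical placeholders, and the sketch assumes the ActiveDirectory PowerShell module and Windows Server 2012 or later.

```powershell
# Added example; every name below is a hypothetical placeholder.
$Account = 'svc-publish'                  # gMSA name (assumed)
$Domain  = 'CONTOSO'                      # NetBIOS domain name (assumed)
$DnsName = 'svc-publish.contoso.example'  # DNS host name for the account (assumed)
$Hosts   = 'PublishHosts'                 # AD group of servers allowed to use it (assumed)
$Service = 'FilePublisher'                # Windows service name (assumed)
$BinPath = 'C:\Services\FilePublisher\FilePublisher.exe'  # service binary (assumed)

Import-Module ActiveDirectory

# --- Once, by a domain administrator ---
# A gMSA needs a KDS root key in the forest; stop early if there is none.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key found; one must exist before a gMSA can be created.'
}
# Only members of $Hosts can retrieve the managed password from AD.
New-ADServiceAccount -Name $Account -DNSHostName $DnsName `
    -PrincipalsAllowedToRetrieveManagedPassword $Hosts

# --- On each server that will run the service (elevated session) ---
Install-ADServiceAccount -Identity $Account
if (-not (Test-ADServiceAccount -Identity $Account)) {
    throw "This host cannot use $Account; check its membership of $Hosts."
}

# Register the service under the gMSA. The account name ends in '$' and no
# password= argument is given: the password is fetched from AD by the host.
sc.exe create $Service binPath= $BinPath obj= "$Domain\$Account`$" start= auto
if ($LASTEXITCODE -ne 0) {
    throw "sc.exe create failed with exit code $LASTEXITCODE"
}

# Confirm which account the service is registered to run as.
Get-CimInstance Win32_Service -Filter "Name='$Service'" |
    Select-Object Name, StartName, State

# Least privilege: grant $Account rights on the publishing shares it needs
# and the "Log on as a service" right, rather than local administrator.
```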

(Sriram Ravi) #4

Hi Matt,

Thanks for your timely response.

As you said, we will try to use an MSA account with the Custom user option, and will let you know if we face any issues.

Regards,
Sriram
