Running process as a user from windows service failing with Access is Denied?

Question

I am working on a project that requires sandboxing an application. I am able to create a windows user, create a directory, fill the directory with an application, and run the application as a user. This works completely fine running as a console application, but when I install it as a service, I get this exception:

System.ComponentModel.Win32Exception: Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()

The code that throws this exception is:

_process = new Process
     {
     StartInfo =
        {
            Arguments = "",
            CreateNoWindow = true,
            ErrorDialog = false,
            FileName = instanceDirectory + "program.exe",
            WorkingDirectory = instanceDirectory,
            UseShellExecute = false,


            UserName = GetUserNameForInstance(_id),
            Password = GetPasswordForInstance(_id),
            Domain = ""
        },
    EnableRaisingEvents = true
    };

_process.Exited += ProcessExited;
_process.Start();

Again, this is only thrown when running as a Windows Service. The service is running under LOCAL SYSTEM according the the Services panel in Windows.

Any Ideas?

Answer 1

Does the account have the premissions to the resources you are using? Does it have the ability to read and write to the directory?

In these types of situations 99% of the time it is a premission issue.

Answer 2

You might be better off running the service as a domain account which has the necessary permissions for IO operations (including ACL permissions).

In the below example the "Alterter" service is set to run as the local service account. In your case I'd suggest running the service as DOMAIN\UserAccount.