I'd like to write a service (that starts up and runs whenever the machine is on) that queries Active directory since the user IIS uses does not have permission to query AD. How do I determine if A) my workstation where I have local admin rights, and B) a shared team workstation will allow me to do this?
views:
42answers:
1
+1
Q:
How can I test if I have permissions to install a service and have it run as me on the domain?
+1
A:
Anything you can do as an interactive user can be done by a service with appropriate permissions and configuration, so it isn't so much an issue of determining if you can, but rather configuring the service so that it can.
Your installation package should request an appropriate set of credentials (and of course must be run by a user with privileges to install such a service). The service itself should simply catch and log any permission exceptions.
As an example - look at the SQL Server installation process. Early on it requests that you specify accounts with the required privileges.
Peter LaComb Jr.
2010-02-15 15:50:50
but, as a user that is not an administrator, can I install a service? a service that runs at startup as me rather than as a generic user? I have 2 possible cases, the more convenient one would be to be able to install this service on the one I do not have admin rights on because it's always connected, the other would be a service that runs on my laptop where I do have admin rights, but am not always connected.
Maslow
2010-02-15 23:54:08
In XP (Sp2 at least) default permission on HKLM\System\CurrentControlSet\Services has the local administrators and system as the only ones capable of write, so you'd need an admin account to create a service. As for the service running as you, that policy (permission to run as a service) has no default, which means any account can run as a service, but your environment may have other policies. Look at the local security policy \ user rights assignment from administrative tools for more info.
Peter LaComb Jr.
2010-02-16 01:28:11