I'm working on a Windows Service that one of its tasks is archiving files on remote machine but I've problem regarding access privileges "Access id denied".
The service account is "LocalService",
How can I give service access to remote machine?
+1
A:
LocalService cannot have permissions on another machine, so you'll need to change the service account to something else and make sure the account has the necessary permissions on the remote machine.
jwanagel
2009-02-15 09:54:23
A:
A service on server1 that's running under the Local Service principal and that tries to access the folder on server2 is seen as an anonymous connection attempt that is or isn't allowed depending on the policy of server2. So you need to either allow anonymous access on server2 or change the service account (recommended).
Darin Dimitrov
2009-02-15 09:58:07
+1
A:
You'll need to run the service in a dedicated account (such as a domain account) that both machines recognise. Then grant this account the necessary ACL permissions to access the second machine.
If you aren't on a domain, there are things you can do with having the same username and password...
Another approach is to use the "network service" account - this will authenticate with the identity of the machine that is hosting the service; it can work, but personally I like the dedicated account approach - it makes it easier to achieve granular security, and means you can relocate the service to another host without much effort.
Marc Gravell
2009-02-15 09:59:27
Could you explain how to work with "Network Service" account?
Ahmed
2009-02-15 10:10:03
Well, the account is [yourdomain]\[computername] - just put that account into the ACL on the server you are contacting (for example, on the share permissions dialog, etc). Most installers (including the service installer in .NET) allow you to specify this account...
Marc Gravell
2009-02-15 10:14:15
What i got from you is, set Service Account to Network Service, and to set permission for that service on shared folder, right?If yes, how to grant service on shared folder?
Ahmed
2009-02-15 10:18:49
On the shared folder permissions dialog, simply find the account of the other machine. Look for an account-type/object-type option on the screen where you enter the accounts; it will probably default to users; change it to machines...
Marc Gravell
2009-02-15 10:28:20
for me, these settings are on the "Advanced..." part of the dialog. Or juts enter the domainname\machinename pair directly.
Marc Gravell
2009-02-15 10:29:01
Ok, it's working properly now.
Ahmed
2009-02-15 10:35:36
Marc, will this work in case of no domain?
Ahmed
2009-02-15 10:38:46
I honestly don't know. In theory, yes - but I'm always on a domain, so I can't be sure...
Marc Gravell
2009-02-15 10:43:08
Mark, everything is working properly in case of domain, it doesn't work in case of no domain, if you get a solution for this, please notify me.Thanks lot.
Ahmed
2009-02-15 10:47:27