Running APBackUp as NT/2000/XP
service
To run APBackUp as a service you
can use any other service that can start a program with parameters,
or srvany.exe from Microsoft NT Resource Kit, included in the
distributive. This service can start applications with parameter
"service", so that the application will work even if no user is
logged in. To configure the application to run as a service
use "Program options" -> "NT/2000 service". This command will install the service "APBackUp_Starter".
To stop using service use button "Delete service"
If you install service under
LocalSystem account (default), then the program will not have
access to network resources. If you need to connect to network
resources, you will have to install service under other
account.
That is from Microsoft Win32
SDK:
“The LocalSystem account is a
predefined local account used by system processes. The name of the
account is .\System. This account does not have a password. If you
specify the LocalSystem account in a call to the CreateService
function, any password information you supply is ignored.
A service that runs in the context
of the LocalSystem account inherits the security context of the
SCM. It is not associated with any logged-on user account and does
not have credentials (domain name, user name, and password) to be
used for verification. This has several implications:
·
· The service cannot open the registry key
HKEY_CURRENT_USER.
·
· The service can open the registry key
HKEY_LOCAL_MACHINE\SECURITY.
·
· The service has limited access to network
resources, such as shares and pipes, because it has no credentials
and must connect using a null session. The following registry key
contains the NullSessionPipes and NullSessionShares values, which
are used to specify the pipes and shares to which null sessions may
connect:
·
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
LanmanServer\Parameters
·
Alternatively, you could add the REG_DWORD value
RestrictNullSessAccess to the key and set it to 0 to allow all null
sessions to access all pipes and shares created on that
machine.
·
· The service cannot share objects with other
applications, unless they are opened using a DACL which allows a
user or group of users access or NULL DACL, which allows everyone
access. Specifying a NULL DACL is not the same as specifying NULL,
which means that access is only granted to applications with the
same security context. For more information, see Allowing Access. ·
If the service opens a command window and runs a batch file, the
user could hit CTRL+C to terminate the batch file and gain access
to a command window with LocalSystem permissions“
|