I have read in many forums that mapped drives are not accessible from a service as no user is logged on.
Question 1) I tried making my service as a log on - as some account and i had my network drive mapped in that very account. The service still cannot access it. Why?
Question 2) From the same sevice, i invoke another process. Under what user account will the process run?
Thanks
1) Use UNC paths instead, then you do not need access to mapped drive letters. As to why you cannot access them even when running in the same account, it is hard to say for sure without seeing your actual code.
2) it depends on how you are launching the process. If you use ShellExecute() or CreateProcess(), then it runs in the user account of the calling thread. If you use CreateProcessAsUser(), CreateProcessWithLogonW(), or CreateProcessWithTokenW(), then it runs in the user account that you pass in.
I have faced similar problem wile running JBoss in service mode, my Java code was not able to access Mapped Drive even if i execute the service even after changing "Log on as:" option to the same user who has mapped the drive.
Then I figured out that if I can map the drive using the same service, then it should work.
And finally, adding just a simple command at top of service.bat file resolved the issue.
net use x: \\SERVERNAME\SHARENAME
Services don't have access to mapped drives on XP and beyond, since mapped drives are a per user resource, so they depend on who's logged in. Since it's possible for no-one to be logged in, it's possible that there are no mapped drives.
Your service may map a drive itself.
Related
I used docker technology to set up a nextcloud server for myself and my family
Can I transfer files from a local server to my Nextcloud server without using the internet and allow users to access them?
Because I have discovered two strange things:
1.Placing files directly under a specific user's file path on the server does not allow the user to successfully access the file.
2.As long as I don't delete the files added by the user, even if I directly change the content of the files on the server, the user can still accurately and correctly read the original content.
Or is the user profile path that I think is incorrect?
I think it's /var/www/html/data/"USERID"/files
I would like to know how to solve it, but at the same time, I also want to know what is the reason that causes the following two problems.
Thank you so much.
I'm trying to send my first image to gcr(google container reg.) via local bash, but somehow I couldn't do it even though I added my current user as 'owner' to the project. In the last link that gave me an error, the following was written.
{"errors":[{"code":"UNAUTHORIZED","message":"Unauthorized access."}]}
Also, my ubuntu distribution ip that I use on wsl2 was banned by google on the grounds that I tried too much. This is my 2nd problem that I need to solve.
I encountered my problem in the first item through powershell on my local computer.
What should I do in this case?
The refusal to connect to GCP might be related to the IP ban that you mentioned, was there any specified length to the ban? Usually, an email is sent with more details about the ban. Otherwise, there is specific documentation dealing with authenticating to Container Registry. The documentation lists several authentication methods:
gcloud credential helper
Standalone credential helper
Access token
JSON key file
Which of these methods are you having issues with? The documentation lists the procedure to authenticate properly with each of these methods. Is the correct account configured? It could be a different account or a service account is being used instead.
I am currently working on a solution that is accessing OneDrive in Office 365 using Microsoft Graph. I am using the adal4j library to handle authentication and have configured the app in portal.azure.com.
My question relates the call to get the children for a specified drive. I am using a query similar to the one shown below, as I want to get folders and files at the root level of a specified users drive:
https://graph.microsoft.com/v1.0/users/*user id*/drives/*drive id*/root/children
When I login to the Graph Explorer and execute the query, I get a json result showing the root folder contents for the drive and user specified. All works as expected.
When I call it from my java application, the JSON node value is empty ([]).
Initially my thought was, because the Graph Explorer uses a different app id in the portal it was possibly something to do with access rights. However, I successfully read user profiles in our O365 tenant, the drive id's for each user, and if I execute the following:
https://graph.microsoft.com/v1.0/users/*user id*/drives/*drive id*/root/search(q='')
It provides me a complete list of all of the folders, sub folders etc within the appropriate user's drive.
Therefore, making me think this is a bug with the Graph query I am attempting to use rather than an authorization issue, but, that wouldn't explain why it works in the Graph Explorer.
The same java method is used for all calls, and the url is passed in as a parameter.
Just to follow up, the azure portal app permissions has the capability of adding permissions for the graph api. This was, indeed the problem. It would appear that the search was ignoring the permission and successfully reading the data whereas the /children call was honouring the security model. This caused a lot of confusion, but is now resolved.
Thanks Marc for your help.
How can I tell if the application my code is running in, is it in a service or an application? Why do I want to know this - I'm writing some code that is injected into the target application and that code has no way of knowing this information up front, so it has to work it out itself.
I cannot rely on any code being called from the service control manager, start, stop, or command line parameters.
I'm currently looking at GetConsoleWindow() which I hope will return NULL for a service (no console) and a window handle for any application (has a console). Not sure how valid this assumption is.
Any ideas for a better solution?
Search the current process id (GetCurrentProcessId) from the list of all running services (EnumServicesStatusEx)?
The assumption of GetConsoleWindow() is not valid.
It seems to me that you care about the context of your process more. Are you asking that if your program is running in service context or the user session? If so, use ProcessIdToSessionId() http://msdn.microsoft.com/en-us/library/aa382990%28v=VS.85%29.aspx to get your session id and you will know it.
Use WMI to query for Win32_Service instances where 'ProcessId=MyProcessid'. If there is no match, then your process is not a service.
Background on WMI app creation in C++ here.
For Windows Vista or later you can check the session id. Session 0 is reserved for services and non-interactive programs. User sessions start from 1.
Use OpenProcessToken to get the current process token. Then use CheckTokenMembership to see if the token includes the WinServiceSid well-known SID.
How to get the logged in user (interactive user) and machine name from window service in c#. When i try Environment and other class to get logged in user name it just returns NT AUTHORITY\SYSTEM from window service.
The service executes under the SYSTEM account, so that what you see in the Environment class. The machine name should not be a problem (see Gmoliv's comment). Services execute independently from whoever may be logged on: that's one of the main reasons to have them.
If you want to find out what users (yes, there may be more than one) may be logged on to your computer, you'll have to use raw Windows API's AFAIK. If you really want this, one way could be to iterate through desktops, open the named desktop, get the associated user of each desktop, and look up the account name of the user (which returns the account name on the local machine). If you only want the user which may see something on screen, use OpenInputDesktop to get a handle instead of iterating through all of them.
Note that this requires your service to have higher access rights than usual. I'd be a bit suspicious of such a service myself.
Try this code snippet
ManagementScope ms = new ManagementScope(#"\\.\root\cimv2");
ObjectQuery query = new ObjectQuery("SELECT * FROM Win32_ComputerSystem");
ManagementObjectSearcher searcher = new ManagementObjectSearcher(ms, query);
foreach(ManagementObject mo in searcher.Get())
{
Console.WriteLine(mo["UserName"].ToString());
}
Simplest approach (at least, using Visual Studio 2017 Community Edition and .Net Framework 4.7) --
Namespace: System.Security.Principal
Code:
Console.WriteLine(WindowsIdentity.GetCurrent().Name);
The above will give you:
COMPUTERNAME\username
UPDATE
Yet another approach would be to use Environment as in--
Console.WriteLine(Environment.UserName);
which will yield logged-in user's username
and
Console.WriteLine(Environment.MachineName);
which will yield the computer's or machine's name