I have a desktop application that installs and starts a service. I know a process can get the explorer.exe token and launch another process with that token so as the second process will run us the logged on useraccount.
My question is this: can I start my service by this explorer.exe token too? Is there an example in Delphi?
thx for your time
No, you cannot use such a trick to launch a service in a specific user account. The service's configuration in the SCM specifies the user account that the service uses when started. You can use ChangeServiceConfig() to change that account, but be careful because it is a global setting, not a per-start setting.
Related
On our TFS build server, we're getting the following error most builds (so not ALL builds, sometimes the build runs perfectly!)
"The identity of application pool application_pool_name is invalid. The user name or password that is specified for the identity may be incorrect, or the user may not have batch logon rights. If the identity is not corrected, the application pool will be disabled when the application pool receives its first request. If batch logon rights are causing the problem, the identity in the IIS configuration store must be changed after rights have been granted before Windows Process Activation Service (WAS) can retry the logon. If the identity remains invalid after the first request for the application pool is processed, the application pool will be disabled. The data field contains the error number."
Since it runs some builds, we know the identity is in fact not invalid and that it's not a code problem. Does anybody know if there are any other cases where you can get this specific error? We've had this problem for several months now...
EDIT: We've also found out it started after MS updates KB4015547 and KB4015550, but uninstalling them didn't help. Re-entering the user or using another user didn't work either.
The identity of all application pools should be set to the
correspondingservice account that you specified when you installed
Team Foundation Server (TFSService).
Change the identity and then try to stop and restart the application pool. For this, open Internet Information Services (IIS) Manager, expand the local computer and open Application Pools. Open the navigation menu and choose Stop or Start.
Restart the application pool so that Windows Process Activation Service (WAS) can determine the correct state of the protocol.
If above is still not working, you could also try reset the IIS entirely. More ways you could take a look at this thread: An application pool is not configured correctly
I try to check code-push.
I use Cordova into a docker machine into a virtual machine, in Windows.
My problem is that when I try to create an account with "code-push register", I get "A browser is being launched to authenticate your account...". This doesn't help me at all because this runs into a docker machine and no browser can start.
What can I do?
It could help me if I could link a Microsoft account.
Thanks in advance
You can use following commands to be able to authenticate against the CodePush service without launching a browser and/or without needing to use your GitHub and/or Microsoft credentials (e.g. in a CI environment),
code-push access-key add "VSTS Integration"
By default, access keys expire in 60 days. You can specify a different expiry duration by using the --ttl option and passing in a human readable duration string (e.g. "2d" => 2 days, "1h 15 min" => 1 hour and 15 minutes). For security, the key will only be shown once on creation, so remember to save it somewhere if needed!
After creating the new key, you can specify its value using the --accessKey flag of the login command, which allows you to perform "headless" authentication, as opposed to launching a browser.
code-push login --accessKey <accessKey>
if at any point you need to change a key's name and/or expiration date, you can use the following command:
code-push access-key patch <accessKeyName> --name "new name" --ttl 10d
I finally did the obvious: installed code-push on Windows, performed 'code-push login'. Then the browser opened and after I inserted microsoft login credentials I got the access token to use into Docker.
I'm using Ruby quickstart.rb example script provided by https://developers.google.com/drive/quickstart-ruby from a standalone ruby script running under Windows. The script works fine, it launches the browser window, I grant access to the app, paste the token in my console window and get authenticated.
My question is, how can I make this authentication process permanent or at least more long term? Currently I have to authorize the application every time I launch it.
Since the token changes every time a request is made, I'm not able to just save it in the script.
Thanks in advance.
You can use a service account and domain-wide delegation:
https://developers.google.com/drive/delegation
I developed an application in Delphi 2010 that reads XML data from a transactional queue. It works fine if the queue is local or remote and I don't have to set permissions in both cases.
Now I have to convert that application into a Windows Service. I copied and pasted the same application into the service code, but when I try to read the queue I get the "Access denied" error. I'm doing the tests on my local machine.
Some people say that it's a matter of permissions. I found here in Stack Overflow some posts to the same problem but I didn't find the solution.
Any ideas? I'm using Windows 7 as well.
If you are running the application locally, you are running it under your Windows logon credentials. Services by default are launched under a different user account which may not have the same rights as your account does.
Bring up the service manager (start->services.msc), find your service in the list, right click it and select Properties. Then select the Log On tab and change it to a specific account name/password. (Use your account name / password.) You'll then be executing the code using the same credentials so your Access Denied error should go away.
Suppose that you have an account which must always be running. (yes I know the answer is use a service, but at this time it's not possible - legacy stuff :)
that account has one or more critical applications which must always be running.
if that account is unintentionally logged off, i'd like to have a service monitor it, and re-login the account.
Obviously the service would have know login/pwd of user - and it would be on the same machine.
Is there a way to do this ??
thanks for your help in advance,
J_
Run your applications as service. There are some tools that can let you run applications as services.
You can monitor the active sessions with WTSEnumerateSessions.
For each enumerated session you can call: WTSQuerySessionInformation passing in WTSUserName to get the primary username of that session that is logged in.
You can then use LogonUserEx to log the user in.