安装Windows服务以在用户帐户下运行 [英] Installing a windows service to run under a user account

问题描述

嗨
我有一个关于在用户帐户下安装Windows服务的理论问题.考虑一下时，Windows服务似乎无法在用户帐户下运行，因为可以在任何用户登录之前启动该服务.甚至可以安装/配置该服务以运行在用户帐户下?当我尝试将ServiceProcessInstaller.Account属性设置为ServiceAcount.User来安装服务时，提示输入用户凭据(即使它们是通过ServiceProcessInstller的Username和Password属性在OnBeforeInstall方法中设置的)输入它们后，安装仍然失败，提示提供的凭据无效.如果服务无法在用户帐户下运行，则将ServiceProcessInstaller.Account设置为ServiceAccount.User会执行什么操作，以及何时使用Password和Username属性?

Uros

Hi
I have a theoretical question regarding the installation of a windows service under user account. When you think about it, it doesn't seem ok that the windows service would run under a user account, since a service can be started before any user logs in. Is it even possible to install / configure the service to run under user account? When I try to install a service with a ServiceProcessInstaller.Account property set to ServiceAcount.User, I get a prompt to enter the user credentials(even though they were set in the OnBeforeInstall method via the Username and Password properties of the ServiceProcessInstller) and when I enter them the installation still failes, saying that the provided credentials are not valid. If it is not possible for a service to run under the user account what does setting the ServiceProcessInstaller.Account to ServiceAccount.User then do and when would one use the Password and Username properties?

Uros

推荐答案

是的，这是可能的. (但是，我想知道为什么吗?最好避免.但是，我知道在某些情况下您可能需要它.)

首先，请参阅非常简短的安装概述来查看我过去的回答: ^ ].

基本上，要使您的服务可安装，您需要基于System.ServiceProcess.ServiceProcessInstaller和System.ServiceProcess.ServiceInstaller实现两个类，请参见:

http://msdn.microsoft.com/en-us/library/system.serviceprocess. serviceprocessinstaller.aspx [ ^ ]，
http://msdn.microsoft.com/en-us/library/system.serviceprocess. serviceinstaller.aspx [ ^ ].

在上面引用的两个MDSN帮助页面中，您都将找到代码示例，这些代码示例显示了如何编写安装程序的实现.

现在，查看类System.ServiceProcess.ServiceProcessInstaller并注意其属性:Account，Username和Password.这是自定义帐户的方法.

对于您的情况，应将System.ServiceProcess.User用作Account属性值，请参见:
http://msdn.microsoft.com/en-us/library/system.serviceprocess. serviceaccount.aspx [ ^ ].

请注意，使用帐户和密码的解决方案是固有的安全性问题.用密码对帐户和密码进行硬编码可能是不安全的.您可以设计一些安全机制来仅获取一次密码并将其删除，但是安装本身将导致将密码存储在系统中.很难为您提供解决此问题的最终建议，但这只是您应该了解的内容.

我只会使用不安全的密码创建一个帐户，并将这些帐户的权限限制为运行该服务所需的最低权限.特别是，拒绝访问除一个卷和一个目录(或类似目录)以外的任何磁盘卷仅需要运行该服务.

—SA

Yes, this is possible. (However, I wonder why? It''s better be avoided. However, I understand that is some situations you may need it.)

First, please see my past answer with very brief overview of installation: How to install windows service programmatically[^].

Basically, to make you service installable you need to implement two classes based on System.ServiceProcess.ServiceProcessInstaller and System.ServiceProcess.ServiceInstaller, please see:

http://msdn.microsoft.com/en-us/library/system.serviceprocess.serviceprocessinstaller.aspx[^],
http://msdn.microsoft.com/en-us/library/system.serviceprocess.serviceinstaller.aspx[^].

In both of the two MDSN help pages referenced above, you will find code samples showing how to write the implementation of the installer.

Now, look at the class System.ServiceProcess.ServiceProcessInstaller and pay attention for its properties: Account, Username and Password. This is how you can customize the account.

In your case, you should use System.ServiceProcess.User for the Account property value, please see:
http://msdn.microsoft.com/en-us/library/system.serviceprocess.serviceaccount.aspx[^].

Note that the solutions with the account and password is the inherent security problem. Hard-coding of the account and password in the code is potentially unsafe. You could devise some secure mechanism for obtaining the password just once and removing it, but the installation itself will result in storing the password in the system. It''s hard to give you an ultimate advice for solution of this problem, but this is just something you should understand.

I would simply create some account with insecure password and limit the permissions of these account to minimum barely required just to run the service. In particular, deny access to any disk volumes except one volume and one directory (or so) only need to run the service.

—SA

感谢您的宝贵时间，但事实证明问题出在其他地方.我正在使用InstallHelper以编程方式安装服务.在对InstallHelper的调用中，我将用户名和密码作为命令行参数传递.看来论据的顺序很重要.如果您在其他参数之前指定.dll的路径，则这些参数不会传递到安装程序，并且安装将失败.

Thank you for your time, but as it turns out the problem lied elsewhere. I am using the InstallHelper to programmatically install the service. In the call to the InstallHelper I pass username and password as command line arguments. It seems that the order of the arguments is important. If you specify the path to the .dll before other arguments, those arguments are not passed to the installer, and the installation failes.

这篇关于安装Windows服务以在用户帐户下运行的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！