I've got a third-party app/service running on a Windows 2003 SP2 server that is trying to fetch something from a network share on a Windows 2008 box. Both boxes are members of an AD domain. For some reason, the app is complaining about having insufficient permissions to read/write to the store. The app itself doesn't have any special options for acting on the authority of another user account. It just asks for a UNC path.
The service is running with a "log on as" setting of Local System account.
I'd like to confirm what account it's using when trying to communicate with the network share. Conversely, I'd also like more details on if/why it's being rejected by the Windows 2008 network share. Are there server-side logs on 2008 that could tell me exactly why a connection attempt to a share was rejected?
Answer
The security event-log on the 2008 server should record the denied login attempt, which should also include whatever name it attempted to log in with. This is likely your best bet for figuring out what the service is trying to log in as.
Secondly, I believe if you have it logging in as 'Local System' it doesn't have off-machine access. For that you'll need to log on as Network Service. That should inherit the rights of the AD machine account.
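One way to run the Security log check described in the answer, as an added example that is not part of the original post. It assumes PowerShell 2.0 or later in an elevated prompt on the Windows 2008 file server with logon auditing enabled; `$ClientName` and `$ClientIp` are placeholders for the 2003 server.

```powershell
# Added example. Placeholders below are constructed, not values from the post.
$ClientName = 'APPSRV2003'     # placeholder: NetBIOS name of the 2003 server
$ClientIp   = '192.0.2.10'     # placeholder: IP address of the 2003 server
$Since      = (Get-Date).AddHours(-1)

# 4624 = an account was successfully logged on
# 4625 = an account failed to log on
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Security'; Id = 4624, 4625; StartTime = $Since
} -ErrorAction SilentlyContinue

$rows = $events | ForEach-Object {
    # Flatten the named EventData fields of the event into a hashtable
    $data = @{}
    foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }

    # Keep only network logons (type 3), which is what an SMB connection produces
    if ($data['LogonType'] -ne '3') { return }

    # Kerberos logons often leave WorkstationName empty, so match on IP as well
    if ($data['WorkstationName'] -ne $ClientName -and
        $data['IpAddress'] -ne $ClientIp) { return }

    New-Object PSObject -Property @{
        Time      = $_.TimeCreated
        Result    = $(if ($_.Id -eq 4624) { 'Success' } else { 'Failure' })
        # A user name ending in '$' is a computer account
        Account   = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        Package   = $data['AuthenticationPackageName']
        # NTSTATUS code explaining a 4625 failure; empty for 4624
        SubStatus = $data['SubStatus']
    }
}

$rows | Sort-Object Time |
    Format-Table Time, Result, Account, Package, SubStatus -AutoSize
```

A `Success` row followed by an access-denied error in the app means the logon itself worked and the rejection comes from the share or NTFS permissions for the account shown.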