Tuesday, January 15, 2013

Adding the Network Service account to the permissions for a file/folder/registry key etc

I'm currently developing a Windows Service that's to be run under the Network Service account (owing to the fact that it requires substantial network access). I'm just starting to learn how to program Windows Services, so this is very new to me. I just started developing a simple service to start, and when I followed the instructions on this MSDN page, I was surprised when, after trying to start my service, I got the error 005: Permission denied. I later found out that I needed to give the network service account to the folder from which the service was running, i.e. the debug output folder of my project. Doing this isn't as simple as setting the permissions for other users. To add the network service account to the permissions list in Windows 7, do the following :

  1. Right click on the folder containing the service you want to debug, and go to Properties
  2. Go to the Security tab, and under the box marked "Group or user names", click on Edit ...
  3. Under the window that pops up, you'll see another box marked "Group or user names". Underneath that box, click on Add ...
  4. In the "Select Users or Groups" dialog that pops up, click on the Advanced... button at the bottom left.
  5. In the advance "Select Users or Groups" dialog that pops up, click on Find Now to find all the users, groups and built in security principals.
  6. Once the search results are populated, scroll down and select "NETWORK SERVICE" (not "NETWORK") and click on Ok, then Ok again in the Select Users or Groups dialog.
  7. One you're back to the Permissions window, ensure that you give the Network Service account Full Control over the folder in the Permissions box, then click Ok.
  8. Click Ok one last time to close the properties for your folder, and you're done.

No comments: