Re: SHFileOperation Problem

On Apr 14, 7:12 am, Marcelo Grossi <Marcelo
Gro...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Hello,

I have a service application running under the "Local System" account. This
service can receive a command to run a set of batch operations (on my case,
collecting log files of the system). A file with a known name is created and
I will need to send this file to a shared network folder. I understand the
"Local System" account doesn't have network rights.

What can I do to copy a file from the local machine to a shared network
folder using the "Local System" account? I've been trying to use
"CreateProcessAsUser" with no avail..

Any ideas on the subject?

Thank you,


Hi,

If you have access rights to the network resources, you can
access the network server and perform your operation. Also,
in a service process you can only access the network drives
via the UNC path, you can use the following API to access the
shared hard drives on the remote server machine:

WNetGetUniversalName() UNIVERSAL_NAME_INFO_LEVEL

Now, the LocalSystem account does not have network credentials, and
explicitly denied any access to the UNC names. So, you need to use
a network service or a designated user account to access the network,
you can use the following APIs to accomplish that:

LogonUserEx()

ImpersonateLoggedOnUser()

CreateEnvironmentBlock()

GetUserProfileDirectory()

LoadUserProfile()

CreateProcessAsUser()

........................................................................................
........................................................................................

DestroyEnvironmentBlock()

UnloadUserProfile()

RevertToSelf()

CloseHandle()

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q180362

http://msdn2.microsoft.com/en-us/library/Aa385413.aspx

http://msdn2.microsoft.com/en-us/library/Aa385474.aspx

http://msdn2.microsoft.com/En-US/library/aa378189.aspx

http://msdn2.microsoft.com/en-US/library/aa378612.aspx

http://msdn2.microsoft.com/En-US/library/aa373491.aspx

http://msdn2.microsoft.com/en-us/library/aa373772.aspx

http://msdn2.microsoft.com/En-US/library/aa374341.aspx

http://msdn2.microsoft.com/en-us/library/ms682429.aspx

http://msdn2.microsoft.com/en-US/library/aa373501.aspx

http://msdn2.microsoft.com/en-US/library/aa375098.aspx

http://msdn2.microsoft.com/en-us/library/aa379317.aspx

http://msdn2.microsoft.com/en-us/library/ms724211.aspx

Kellie.

.

Relevant Pages

  • Re: more errors...
    ... > Security policies were propagated with warning. ... > account names and security IDs was done. ... > " Cannot find Local System." ... > all other computers on the network. ...
    (microsoft.public.windows.server.sbs)
  • Re: Print Problems
    ... services are usually installed in the context of the Local System ... account which is all powerful on the host machine but which has no access to ... network for the system that hosts the service and then change the service to ...
    (microsoft.public.vc.language)
  • Re: Working on a Web Server 2003
    ... Are you trying to setup and secure a webserver on a DC? ... A built in account that has a high level of access rights ... Interacts throughout the network with the computer account ... The services you mentioned, NetworkService, Local system, Local service, as ...
    (microsoft.public.inetserver.iis)
  • Re: Working on a Web Server 2003
    ... Are you trying to setup and secure a webserver on a DC? ... A built in account that has a high level of access rights ... Interacts throughout the network with the computer account ... The services you mentioned, NetworkService, Local system, Local service, as ...
    (microsoft.public.windows.server.active_directory)
  • Re: Local System Account & Network Access
    ... helpful and Roger's suggestion to use local service instead of local system ... account on a domain computer. ... membership but they do have a bearing on what a user/computer has access ... Logon ID: ...
    (microsoft.public.security)