Installing a service as non-system account
Hi,
How can I configure a service installation in the msi to run as non-system user (say a domain\user). I don't want to hardcode the password in the msi.
Thanks for your help,
Praveen
How can I configure a service installation in the msi to run as non-system user (say a domain\user). I don't want to hardcode the password in the msi.
Thanks for your help,
Praveen
0 Comments
[ + ] Show comments
Answers (5)
Please log in to answer
Posted by:
anonymous_9363
16 years ago
The two main MSI-authoring tools (Wise and InstallShield) will have a UI to create and control services.
If you're editing tables directly, you need to add the relevant information to the 'ServiceInstall' and 'ServiceControl' tables, the former to install it and indicate which user account controls it and the latter to determine whether it stops/starts on install/uninstall. The Windows Installer Help (MSI.CHM) should have plenty of information on this.
I prefer to use a self-authored script via a Custom Action, because that gives me greater control. If, say, the service fails to start, I may want to perform some other action. The standard interface doesn't give that flexibility.
If you're editing tables directly, you need to add the relevant information to the 'ServiceInstall' and 'ServiceControl' tables, the former to install it and indicate which user account controls it and the latter to determine whether it stops/starts on install/uninstall. The Windows Installer Help (MSI.CHM) should have plenty of information on this.
I prefer to use a self-authored script via a Custom Action, because that gives me greater control. If, say, the service fails to start, I may want to perform some other action. The standard interface doesn't give that flexibility.
Posted by:
nvdpraveen
16 years ago
Thanks for the quick response.
To install the service from service install section- I need to specify the passsword in the "Login Password" tab. Unfortunately it's visible in plain text when someone edits the msi. I want to hide that.
To install the service from service install section- I need to specify the passsword in the "Login Password" tab. Unfortunately it's visible in plain text when someone edits the msi. I want to hide that.
Posted by:
anonymous_9363
16 years ago
I haven't tried, but I wonder if you could use a property defined in SecureCustomProperties there? IIRC, they're not stored in plain text...
Posted by:
AngelD
16 years ago
An MSI is as cleartext as it can be except for ex. DLL custom action.
The SecureCustomProperties would just prevent the installing user to not being able to change the public property from the command line.
You have to come up with a crypted way of hiding the password text or create a DLL custom action to harden any from seeing this information withing the MSI.
The SecureCustomProperties would just prevent the installing user to not being able to change the public property from the command line.
You have to come up with a crypted way of hiding the password text or create a DLL custom action to harden any from seeing this information withing the MSI.
Posted by:
nvdpraveen
16 years ago
Thanks for the response.
Finally I'm installing the service as a local system acount and then using a central script to change the service account information.
Finally I'm installing the service as a local system acount and then using a central script to change the service account information.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.