I am coding a Windows Service application in VB.NET that needs to map/mount multiple network drives using UNC path in its OnStart procedure so I can access the drives later. Normally I use NET USE to map the network drives to be used in my Win32 application and it works. But when I tried the same technique in my WIndows Service application, the service started but it didn't map the drives I need. I ran the Windows Service under my username and I have privilage to map to the network drives. Is there any security issues that I'm not aware of? Please point me to the right direction. Thank you.
How to map network drive in Windows Service
- Thread starter pparker
- Start date
You can allow the service to "interact with desktop" ( http://www.vbdotnetforums.com/showpost.php?p=20841&postcount=2 ) and Net Use or Win32 API
or use WMI (if it's supported by OS) http://www.dotnet247.com/247reference/msgs/49/247083.aspx
or use WMI (if it's supported by OS) http://www.dotnet247.com/247reference/msgs/49/247083.aspx
John, Thank you for your reply. I'm following your first advice on using Win32 API. I'm using WNetAddConnection2 to connect to the network drives with the following NETRESOURCE:
nr = New NETRESOURCE
nr.lpRemoteName = UNCPath
nr.lpLocalName = Nothing<-----I don't want a drive letter
strUsername = Nothing
strPassword = Nothing
nr.dwType = RESOURCETYPE_DISK
The exact same code works if I'm using Win32 Forms (verified using NET USE command to show all connections to my machine). But when I use the code in Windows Service, the WNetAddConnection2 returns the value of 0 which means 'successful operation' and when I check available connection of my machine using NETUSE the connection is not listed. What gives? the Windows service is running under my account and has privilage to the network connection. Please point to me what I did wrong. Thanks.
nr = New NETRESOURCE
nr.lpRemoteName = UNCPath
nr.lpLocalName = Nothing<-----I don't want a drive letter
strUsername = Nothing
strPassword = Nothing
nr.dwType = RESOURCETYPE_DISK
The exact same code works if I'm using Win32 Forms (verified using NET USE command to show all connections to my machine). But when I use the code in Windows Service, the WNetAddConnection2 returns the value of 0 which means 'successful operation' and when I check available connection of my machine using NETUSE the connection is not listed. What gives? the Windows service is running under my account and has privilage to the network connection. Please point to me what I did wrong. Thanks.
Windows Services are VERY different from a regular windows application. They run in a system space totally seperated from the regular user environment, and usually start before any user logs on to system.
You have not enabled the service to "interact with desktop"?
Verify this by checking in control panel/administration/services/properties of your service/logon page. Also, you have to run the service by LocalSystem account.
(you may be able to do it with user account too, but at least for server systems have to "find a way" to modify user security settings to allow this account to run through a service and also allow it in this context to interact with desktop...)
LocalSystem account does have network access and should work, but you have to guard it from trying to do any interacting with desktop when there is no desktop to interact with (no user logged on). Mapping network drives is one of many 'things' that happen and is only possible after a user have logged in.
You have not enabled the service to "interact with desktop"?
Verify this by checking in control panel/administration/services/properties of your service/logon page. Also, you have to run the service by LocalSystem account.
(you may be able to do it with user account too, but at least for server systems have to "find a way" to modify user security settings to allow this account to run through a service and also allow it in this context to interact with desktop...)
LocalSystem account does have network access and should work, but you have to guard it from trying to do any interacting with desktop when there is no desktop to interact with (no user logged on). Mapping network drives is one of many 'things' that happen and is only possible after a user have logged in.
Hi John,
Thanks again for the reply. I did try to logon as local system with the option to interact with desktop enabled. But it's still not working for me. I use NET USE to see all the network connections to my machine and it is not there. Do you think I have to use WMI? What's the difference? Thanks for the help. As you may have concluded this is my first stab at windows service.
Thanks again for the reply. I did try to logon as local system with the option to interact with desktop enabled. But it's still not working for me. I use NET USE to see all the network connections to my machine and it is not there. Do you think I have to use WMI? What's the difference? Thanks for the help. As you may have concluded this is my first stab at windows service.
I'm not in a computing environment where I can test these different scenarios, and can't find any good about this on the web - closest is this http://www.dotnet247.com/247reference/System/Management/ManagementPath/__discussions
Also mind that there is a reason the services are separated from user environments... and mapping network drives is only relevant in a user environment. A windows service don't need a drive letter to access UNC paths, this is usually done with WMI, Windows Management Instrumentation. WMI is a service too. WMI can also be used from a user session (with privilegies), but works "under the hood" of both local system and connected systems. Likewise a user can access UNC directly and don't need to map it, but it sure is convenient.
Still I think 'net use' should be possible, but I can't search it out here.
Also mind that there is a reason the services are separated from user environments... and mapping network drives is only relevant in a user environment. A windows service don't need a drive letter to access UNC paths, this is usually done with WMI, Windows Management Instrumentation. WMI is a service too. WMI can also be used from a user session (with privilegies), but works "under the hood" of both local system and connected systems. Likewise a user can access UNC directly and don't need to map it, but it sure is convenient.
Still I think 'net use' should be possible, but I can't search it out here.
IfYouSaySo
Well-known member
This is the same old story. The LocalSystem account has full access to the local machine, and no access on the network. If you want to access network resources, you'll need to impersonate a user that has such access.
"no access" is not exactly true, "null access" is perhaps a better phrase, but you're right if there is security involved on the network resources.
MSDN LocalSystem http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/localsystem_account.asp
MSDN LocalSystem http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dllproc/base/localsystem_account.asp
I have to apologize I didn't post this sooner. This past weekend I decided to give it my last try and I still couldn't verify the connection using command console NET USE command (the connection sought was not listed). Frustrated, I went ahead and tried to open a file on the remote drive, and Voila.. there it was... it turned out I've had the connection working ever since I followed JohnH advise about making connection using Win32 API. The connection was just not visible when I verify available connections using NET USE command. I think it had something to do with I was in "desktop" world, and that connection I made was in its own process/thread separate from the desktop. I learned my lessons now.
Note: I have to start the service under my username name for it to work. You are both correct about it won't work under local system due to security issues. Thank you for your help especially JohnH.
Note: I have to start the service under my username name for it to work. You are both correct about it won't work under local system due to security issues. Thank you for your help especially JohnH.
Similar threads
- Solved
