wrapper.ntservice.account |
||||||||||||||
ADVERTENCIADO NOT modify the value of this property while an application using the configuration file has been installed as a Windows Service. Please uninstall the existing service BEFORE modifying this property. The service with the new value can then be safely reinstalled later. This property is only effective on Windows platforms. It lets you specify the account to use when running as a Windows Service. The service account essentially provides a security context for your service. NOTAChanges on this property will not take effect until the Windows Service is reinstalled. Accounts: Windows Services can be configured to run with different types of accounts:
NOTAUsage of most of these accounts will require you to set appropriate permissions on the files that needed to be accessed by the Wrapper or the Java Application. It is best to set your file permissions only for service accounts that require access, and to limit the type of access (e.g. read, write, execute, etc.) to the bare minimum. Fine-tuning file permissions require some effort, but is often a necessary step if you want to run your application securely. On Windows, most files will have full permissions for the 'SYSTEM' account. This means that any service running with LocalSystem will run without needed to edit file permissions. This is why LocalSystem as the default account for Windows services makes it easy to set up and run your services. But you should keep in mind that, with LocalSystem, your Java process will then run with the highest privileges on Windows. While many services on Windows are considered trusted and run with LocalSystem, it is up to you deciding whether or not your application should have such privileges. Password:
Most user accounts or domain user accounts will require a password to be set. See the
wrapper. Error on Service Install: When attempting to install the service, you will encounter the following message if the account name is invalid, does not exist, or the password for the account is incorrect. A common mistake is setting the account name to leif rather than .\leif.
Additionally, only accounts which have their "Log on as a Service" right set can be used to run a service. Failure to set this right will result in the following error message when you attempt to install the service:
NOTASince version 3.5.8, the Wrapper will automatically add the "Log on as a Service" permission during the installation of the service. Starting from version 3.5.44, it is possible to control whether the permission should be added or not by using the wrapper.ntservice.account.logon_as_service property. Setting Access Right on the system: To set the "Log on as Service" right, Go to the "Administrative Tools" folder in your control panel. Open the "Local Security Policy" applet. Expand "Local Policy" and then click on "User Rights Assignment". On the right side, you will find a "log on as service policy". Right click or double click to access its properties dialog, and then add the user that you wish to allow to run the service. Note that the "Local Security Policy" applet does not appear to be available on Home Editions of Windows. Interactive Services:
The wrapper. |
Referencia: Cuenta |
|