github
/
winsw
mirror of https://github.com/winsw/winsw
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #474 from NextTurn/accounts 

Document special accounts and the default domain
pull/480/head v2.7.0
Oleg Nenashev 2020-04-06 10:08:28 +02:00 committed by GitHub
parent 3ed8dcae02 c07631beda
commit 195966a9f4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/xmlConfigFile.md
View File

@ -259,7 +259,9 @@ For more information, see [Security Descriptor Definition Language](https://docs
### Service account
It is possible to specify the useraccount (and password) that the service will run as. To do this, specify a `<serviceaccount>` element like this:
The service is installed as the [LocalSystem account](https://docs.microsoft.com/windows/win32/services/localsystem-account) by default. If your service does not need a high privilege level, consider using the [LocalService account](https://docs.microsoft.com/windows/win32/services/localservice-account), the [NetworkService account](https://docs.microsoft.com/windows/win32/services/networkservice-account) or a user account.
To use a user account, specify a `<serviceaccount>` element like this:
```xml
<serviceaccount>
@ -270,10 +272,12 @@ It is possible to specify the useraccount (and password) that the service will r
</serviceaccount>
```
The `<domain>` is optional and defaults to the local computer.
The `<allowservicelogon>` is optional.
If set to `true`, will automatically set the "Allow Log On As A Service" right to the listed account.
To use [(Group) Managed Service Accounts](https://technet.microsoft.com/en-us/library/hh831782.aspx) append `$` to the account name and remove `<password>` element:
To use [Group Managed Service Accounts](https://docs.microsoft.com/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview), append `$` to the account name and remove `<password>` element:
```xml
<serviceaccount>
@ -283,6 +287,44 @@ To use [(Group) Managed Service Accounts](https://technet.microsoft.com/en-us/li
</serviceaccount>
```
#### LocalSystem account
To explicitly use the [LocalSystem account](https://docs.microsoft.com/windows/win32/services/localsystem-account), specify the following:
```xml
<serviceaccount>
<user>LocalSystem</user>
</serviceaccount>
```
Note that this account does not have a password, so any password provided is ignored.
#### LocalService account
To use the [LocalService account](https://docs.microsoft.com/windows/win32/services/localservice-account), specify the following:
```xml
<serviceaccount>
<domain>NT AUTHORITY</domain>
<user>LocalService</user>
</serviceaccount>
```
Note that this account does not have a password, so any password provided is ignored.
#### NetworkService account
To use the [NetworkService account](https://docs.microsoft.com/windows/win32/services/networkservice-account), specify the following:
```xml
<serviceaccount>
<domain>NT AUTHORITY</domain>
<user>NetworkService</user>
</serviceaccount>
```
Note that this account does not have a password, so any password provided is ignored.
### Working directory
Some services need to run with a working directory specified.