github
/
winsw
mirror of https://github.com/winsw/winsw
1
0
Fork 0
Code Issues Releases Wiki Activity

Document special accounts and the default domain

pull/474/head
NextTurn 2019-01-01 00:00:00 +08:00
parent e655f5c489
commit c07631beda
No known key found for this signature in database
GPG Key ID: 17A0D50ADDE1A0C4
1 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
doc/xmlConfigFile.md
View File

@ -258,7 +258,9 @@ For more information, see [Security Descriptor Definition Language](https://docs
### Service account ### Service account
It is possible to specify the useraccount (and password) that the service will run as. To do this, specify a `<serviceaccount>` element like this: The service is installed as the [LocalSystem account](https://docs.microsoft.com/windows/win32/services/localsystem-account) by default. If your service does not need a high privilege level, consider using the [LocalService account](https://docs.microsoft.com/windows/win32/services/localservice-account), the [NetworkService account](https://docs.microsoft.com/windows/win32/services/networkservice-account) or a user account.
To use a user account, specify a `<serviceaccount>` element like this:
```xml ```xml
<serviceaccount> <serviceaccount>
@ -269,10 +271,12 @@ It is possible to specify the useraccount (and password) that the service will r
</serviceaccount> </serviceaccount>
``` ```
The `<domain>` is optional and defaults to the local computer.
The `<allowservicelogon>` is optional. The `<allowservicelogon>` is optional.
If set to `true`, will automatically set the "Allow Log On As A Service" right to the listed account. If set to `true`, will automatically set the "Allow Log On As A Service" right to the listed account.
To use [(Group) Managed Service Accounts](https://technet.microsoft.com/en-us/library/hh831782.aspx) append `$` to the account name and remove `<password>` element: To use [Group Managed Service Accounts](https://docs.microsoft.com/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview), append `$` to the account name and remove `<password>` element:
```xml ```xml
<serviceaccount> <serviceaccount>
@ -282,6 +286,44 @@ To use [(Group) Managed Service Accounts](https://technet.microsoft.com/en-us/li
</serviceaccount> </serviceaccount>
``` ```
#### LocalSystem account
To explicitly use the [LocalSystem account](https://docs.microsoft.com/windows/win32/services/localsystem-account), specify the following:
```xml
<serviceaccount>
<user>LocalSystem</user>
</serviceaccount>
```
Note that this account does not have a password, so any password provided is ignored.
#### LocalService account
To use the [LocalService account](https://docs.microsoft.com/windows/win32/services/localservice-account), specify the following:
```xml
<serviceaccount>
<domain>NT AUTHORITY</domain>
<user>LocalService</user>
</serviceaccount>
```
Note that this account does not have a password, so any password provided is ignored.
#### NetworkService account
To use the [NetworkService account](https://docs.microsoft.com/windows/win32/services/networkservice-account), specify the following:
```xml
<serviceaccount>
<domain>NT AUTHORITY</domain>
<user>NetworkService</user>
</serviceaccount>
```
Note that this account does not have a password, so any password provided is ignored.
### Working directory ### Working directory
Some services need to run with a working directory specified. Some services need to run with a working directory specified.