PDA

View Full Version : Automatic Start Slim server on XP



John Quirk
2003-11-26, 07:51
Dean,
No account has LOAS rights, apart from local system. The best way to
progress with this would be to have the slim service run under local system
and not give it an account. I don't really understand why we're giving it an
account in the first place as we are unlikely to need it. Generally we use
system log on accounts to tighten up on security. For example we might have
a SQL Server service account, and only that account has access to the folder
that the SQL databases are stored in. Ergo, we should only need a slim
service account if the music folder is to be secured. This seems unlikely so
the best path would be:

Install slim as a service by default. I doubt many people would not want
this.
Have the slim service start up under the Local System account. This is an
admin account by definition, and has the added advantage of having LOAS
rights by default.

Using this method we don't need to ask the installing user for account and
password info, but the slim service loads without us having to launch the
server app from the console each time we reboot. We don't even need to log
on.

You should be able to specify "Use Local System" or some such in the MSI
install service routine in WISE or whatever packaging too you're using.

Clearer?

John

Ron Thigpen
2003-11-26, 08:08
John Quirk wrote:

> [...] The best way to progress with this would be to have the slim
> service run under local system and not give it an account. I don't
> really understand why we're giving it an account in the first place
> as we are unlikely to need it.


An exception to this would be the case when the slim server needs to
access music files that are not located on the server machine. The
Local System account has no rights beyond the boundary of its own
physical box. To grant access to a UNC share on another machine on your
network (ex: \\BOX2\music) you will need to run the server under an
account other than Local System.

--rt

mherger
2003-11-26, 08:13
> No account has LOAS rights, apart from local system. The best way to
> progress with this would be to have the slim service run under local
> system
> and not give it an account. I don't really understand why we're giving
> it an
> account in the first place as we are unlikely to need it.

....except if you want to access network shares with your server! A task
does not have "network drives". Of course you could handle this, but I
think it's simply beyond many user's knowledge. Slim devices are after all
inteded for the living room, not only server room geeks :-).

Regards,

--

Michael

-----------------------------------------------------------
http://www.jo-sac.ch/lindenberg - die JO des SAC Lindenberg
http://www.jo-sac.ch - JO-SAC inoffiziell!
http://photo.jo-sac.ch - mein kleines Photoalbum

dean
2003-11-26, 12:22
The main motivation was two fold:

1. Provide access to network shares that provide access to the specific
user.

2. Provide access to the specific user's iTunes Music Library.

Since the LOAS rights aren't going to work, for #1, we'll have to move
back to using the system account and give some instructions about
access rights (we already do this in our FAQ).

For #2, we'll have to have the installer be smarter about finding the
iTunes Music Library on windows and have that work as the System user.

Thanks for all the help debugging this...

-dean

On Nov 26, 2003, at 6:51 AM, John Quirk wrote:

> Dean,
> No account has LOAS rights, apart from local system. The best way to
> progress with this would be to have the slim service run under local
> system
> and not give it an account. I don't really understand why we're giving
> it an
> account in the first place as we are unlikely to need it. Generally we
> use
> system log on accounts to tighten up on security. For example we might
> have
> a SQL Server service account, and only that account has access to the
> folder
> that the SQL databases are stored in. Ergo, we should only need a slim
> service account if the music folder is to be secured. This seems
> unlikely so
> the best path would be:
>
> Install slim as a service by default. I doubt many people would not
> want
> this.
> Have the slim service start up under the Local System account. This is
> an
> admin account by definition, and has the added advantage of having LOAS
> rights by default.
>
> Using this method we don't need to ask the installing user for account
> and
> password info, but the slim service loads without us having to launch
> the
> server app from the console each time we reboot. We don't even need to
> log
> on.
>
> You should be able to specify "Use Local System" or some such in the
> MSI
> install service routine in WISE or whatever packaging too you're using.
>
> Clearer?
>
> John
>
>
>