PDA

View Full Version : Discuss Digest, Vol 1, Issue 86



John Quirk
2003-11-26, 08:33
A good point about network access, I hadn't figured on anyone wanting to do
that, but only because I have a single server for all my MP3s... (apparently
iTunes needs a user account too...) So, we're back to providing the Slim
service with an account. There's a few problems with this;
We can install it with the current user, but what if that user doesn't have
the requisite network access, and much more importantly, what do we do when
we change our passwords? When I change my user password XP doesn't
automatically change the password for the service. I then need control panel
- Admin Tools - Services and manually change the password here too. There's
also a potential issue with the account getting locked out if I can't work
out how to change the Service properties and I reboot a few times.

How about we create a new account, SlimSVC for example. Grant it LOAS rights
and install the service under that account. We would then need to instruct
people to add that account the ACL for any remote drives. I don't know if
this will work with iTunes though.

If it doesn't work with iTunes, I suggest that the setup routine should
install the service as the currently logged on user, grant the user LOAS
rights and instruct people to re-run setup if the password needs to be
changed. The setup routine would then need a maintenance path to re-set the
service account where necessary. I think it sounds a bit messy, but there is
a precedence for this with a couple of other Microsoft packages like SQL and
SMS for example.

The modified setup routine would need to check if the app is already
installed, (msiexec should do this for us anyway) and offer remove, repair
and a new "change user account/password" option.

As an aside, I also think that the enter password option should mask out the
password being entered and ask for confirmation of password.

John

=======


Dean,
No account has LOAS rights, apart from local system. The best way to
progress with this would be to have the slim service run under local system
and not give it an account. I don't really understand why we're giving it an
account in the first place as we are unlikely to need it. Generally we use
system log on accounts to tighten up on security. For example we might have
a SQL Server service account, and only that account has access to the folder
that the SQL databases are stored in. Ergo, we should only need a slim
service account if the music folder is to be secured. This seems unlikely so
the best path would be:

Install slim as a service by default. I doubt many people would not want
this.
Have the slim service start up under the Local System account. This is an
admin account by definition, and has the added advantage of having LOAS
rights by default.

Using this method we don't need to ask the installing user for account and
password info, but the slim service loads without us having to launch the
server app from the console each time we reboot. We don't even need to log
on.

You should be able to specify "Use Local System" or some such in the MSI
install service routine in WISE or whatever packaging too you're using.

Clearer?

John


------------------------------

Date: Wed, 26 Nov 2003 10:08:40 -0500
From: Ron Thigpen <rthigpen (AT) nc (DOT) rr.com>
To: SlimDevices Discussion <discuss (AT) lists (DOT) slimdevices.com>
Subject: [slim] Automatic Start Slim server on XP
Message-ID: <3FC4C1F8.80004 (AT) nc (DOT) rr.com>
In-Reply-To: <200311261453.hAQErjuI068468 (AT) lists (DOT) slimdevices.com>
References: <200311261453.hAQErjuI068468 (AT) lists (DOT) slimdevices.com>
Content-Type: text/plain; charset=us-ascii; format=flowed
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Precedence: list
Reply-To: SlimDevices Discussion <discuss (AT) lists (DOT) slimdevices.com>
Message: 11

John Quirk wrote:

> [...] The best way to progress with this would be to have the slim
> service run under local system and not give it an account. I don't
> really understand why we're giving it an account in the first place
> as we are unlikely to need it.


An exception to this would be the case when the slim server needs to
access music files that are not located on the server machine. The
Local System account has no rights beyond the boundary of its own
physical box. To grant access to a UNC share on another machine on your
network (ex: \\BOX2\music) you will need to run the server under an
account other than Local System.

--rt

------------------------------

Date: Wed, 26 Nov 2003 16:13:27 +0100
From: Michael Herger <mherger (AT) jo-sac (DOT) ch>
To: SlimDevices Discussion <discuss (AT) lists (DOT) slimdevices.com>
Subject: [slim] Automatic Start Slim server on XP
Message-ID: <opry828pqzt6ty0r (AT) smtp (DOT) vtx.ch>
In-Reply-To: <200311261453.hAQErjuI068468 (AT) lists (DOT) slimdevices.com>
References: <200311261453.hAQErjuI068468 (AT) lists (DOT) slimdevices.com>
Content-Type: text/plain; format=flowed; charset=iso-8859-1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: list
Reply-To: SlimDevices Discussion <discuss (AT) lists (DOT) slimdevices.com>
Message: 12

> No account has LOAS rights, apart from local system. The best way to
> progress with this would be to have the slim service run under local
> system
> and not give it an account. I don't really understand why we're giving
> it an
> account in the first place as we are unlikely to need it.

....except if you want to access network shares with your server! A task
does not have "network drives". Of course you could handle this, but I
think it's simply beyond many user's knowledge. Slim devices are after all
inteded for the living room, not only server room geeks :-).

Regards,

--

Michael

-----------------------------------------------------------
http://www.jo-sac.ch/lindenberg - die JO des SAC Lindenberg
http://www.jo-sac.ch - JO-SAC inoffiziell!
http://photo.jo-sac.ch - mein kleines Photoalbum
------------------------------