How to add a privilege to an account in Windows?
If your NamedPipe WCF Service needs to be hosted in the Global objects to communicate between sessions I'd build it as a separate Windows Service and let the your other applications communicate with each other through the new Windows Service that will be hosting your NamedPipe WCF Service.
Related videos on Youtube
mark
Updated on September 18, 2022Comments
-
mark over 1 year
Given:
- A VM running Windows 2008
- I am logged on there using my domain account (SHUNRANET\markk)
- I have added the "Create global objects" privilege to my domain account:
- The VM is restarted (I know logout/logon is enough, but I had to restart)
- I logon again using the same domain account. It seems still to have the privilege:
- I run some process and examine its Security properties using the Process Explorer. The account does not seem to have the privilege:
This is not an idle curiousity. I have a real problem, that without this privilege the named pipe WCF binding works neither on Windows 2008 nor on Windows 7! Here is an interesting discussion on this matter - http://social.msdn.microsoft.com/forums/en-US/wcf/thread/b71cfd4d-3e7f-4d76-9561-1e6070414620.
Does anyone know how to make this work? Thanks.
EDIT
BTW, when I run the process elevated, everything is fine and the process explorer does display the privilege as expected:
But I do not want to run it elevated.
EDIT2
I equally welcome any solution. Be it configuration only or mixed with code.
EDIT3
I have posted the same question on MSDN forums and they have redirected me to this page - http://support.microsoft.com/default.aspx?scid=kb;EN-US;132958. I am yet to determine the relevance of it, but it looks promising.
Notice also that it is a completely coding solution that they propose, so whoever moved this post to the ServerFault - please reinstate it back in the StackOverflow.
-
mark almost 13 yearsPlease explain why the question should be closed. The solution can be programmatic, which fits perfectly with this site.
-
GrzegorzOledzki almost 13 yearsI am sorry. I didn't get the impression the solution should be programmatic. I only saw the screenshots and thought it's a server configuration issue. But for someone who is into Windows security, it's probably obvious you ask about a programmatic solution, isn't it?
-
mark almost 13 years@Ladislav - then by all means mark it as the answer :-).
-
mark almost 13 years@Grzegorz - I am looking for all solutions. Both configuration and programmatic. And because a programmatic solution is very likely this question belongs here. Of course, configuration only solution is most welcome as well.
-
Admin almost 13 yearsYou have to run elevated in order to enable certain privileges; there is no way around this.
-
mark almost 13 yearsThis is not true. The NETWORK SERVICE account has this privilege enabled. Yet it never runs elevated.
-
this.josh almost 13 yearsIf you included some code, library references, or API references, it would make your question less likly to be flagged or down-voted. Lack of any programming references makes users view it as not programming.
-
Luke almost 13 yearsAccounts like NETWORK SERVICE get special treatment from the operating system. In the general case a normal (non-elevated) user account is never going to have those privileges present in its token.
-
mark almost 13 yearsPlease, explain why.
-
longneck over 11 years@mark "Yet it never runs elevated." this is not true. NETWORK SERVICE does run elevated. that's the point of that account: it lets you run services on the local machine that require elevated rights and be a network server.