ServiceController permissions in Windows 7
Asked Answered
G

3

12

I have an application which consists of a service and an executable. Essentially it's a forms application that is responsible for starting and stopping a service under specific circumstances.

On Windows XP the application manages this fine using the following code:

ServiceController controller = new ServiceController();
controller.MachineName = ".";
controller.ServiceName = "XXXXXXXXXX";
controller.Stop();
controller.WaitForStatus(ServiceControllerStatus.Stopped, new TimeSpan(0, 0, 10));
controller.Start();

But on Windows 7, even though I've started the application as an administrator, I get the following exception:

System.InvalidOperationException: Cannot open XXXXXXXXXXXXX service on computer '.'. ---> System.ComponentModel.Win32Exception: Access is denied
   --- End of inner exception stack trace ---
   at System.ServiceProcess.ServiceController.GetServiceHandle(Int32 desiredAccess)
   at System.ServiceProcess.ServiceController.Start(String[] args)
   at System.ServiceProcess.ServiceController.Start()

Is there anything I can do programmatically to resolve this?

Glee answered 8/10, 2010 at 15:36 Comment(0)
H
13

When you say that you started the application as Administrator, do you mean under an account in the Administrators group, or via a UAC prompt that requests administrator credentials? Without the UAC credentials prompt (or actually running as the Administrator account, not an account within the Administrators group), your application does not have permissions to modify services, so the exception you're seeing is correct.

This bit of example code can check if your application is running as an administrator, and if not, launch a UAC prompt.

public static class VistaSecurity
{
    public static bool IsAdministrator()
    {
        WindowsIdentity identity = WindowsIdentity.GetCurrent();

        if (null != identity)
        {
            WindowsPrincipal principal = new WindowsPrincipal(identity);
            return principal.IsInRole(WindowsBuiltInRole.Administrator);
        }

        return false;
    }

    public static Process RunProcess(string name, string arguments)
    {
        string path = Path.GetDirectoryName(name);

        if (String.IsNullOrEmpty(path))
        {
            path = Environment.CurrentDirectory;
        }

        ProcessStartInfo info = new ProcessStartInfo
        {
            UseShellExecute = true,
            WorkingDirectory = path,
            FileName = name,
            Arguments = arguments
        };

        if (!IsAdministrator())
        {
            info.Verb = "runas";
        }

        try
        {
            return Process.Start(info);
        }

        catch (Win32Exception ex)
        {
            Trace.WriteLine(ex);
        }

        return null;
    }
}
Hatching answered 8/10, 2010 at 15:52 Comment(1)
Sorry was being a fool - I use a shortcut to launch and had set on one of my test machines for this shortcut to run as administrator (And get prompted for UAC) but on the machine I was getting this exception I hadn't modified the shortcut appropriately.Glee
K
3

FYI, if you don't understand why it's not working in Vista or 7 even if the current user is in the administrator group, here is what MSDN has to say

In Windows Vista, User Account Control (UAC) determines the privileges of a user. If you are a member of the Built-in Administrators group, you are assigned two run-time access tokens: a standard user access token and an administrator access token. By default, you are in the standard user role. When you attempt to perform a task that requires administrative privileges, you can dynamically elevate your role by using the Consent dialog box. The code that executes the IsInRole method does not display the Consent dialog box. The code returns false if you are in the standard user role, even if you are in the Built-in Administrators group. You can elevate your privileges before you execute the code by right-clicking the application icon and indicating that you want to run as an administrator.

I remember I was quite surprised at 1st when using 7 (I never used Vista).

Knell answered 12/10, 2011 at 3:33 Comment(1)
I see. So I guess they do it this way because they don't want you to run around with admin rights all the time even if you have admin rights because it would allow possible vulnerabilities to be an admin all the time.Dumb
C
1

You can also try setting the UAC for your application to "Run as Administrator" in code.

Citrus answered 24/11, 2010 at 8:16 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.