Skip to content

Commit

Permalink
Merge pull request winsw#474 from NextTurn/accounts
Browse files Browse the repository at this point in the history
Document special accounts and the default domain
  • Loading branch information
oleg-nenashev authored Apr 6, 2020
2 parents 3ed8dca + c07631b commit 195966a
Showing 1 changed file with 44 additions and 2 deletions.
46 changes: 44 additions & 2 deletions doc/xmlConfigFile.md
Original file line number Diff line number Diff line change
Expand Up @@ -259,7 +259,9 @@ For more information, see [Security Descriptor Definition Language](https://docs

### Service account

It is possible to specify the useraccount (and password) that the service will run as. To do this, specify a `<serviceaccount>` element like this:
The service is installed as the [LocalSystem account](https://docs.microsoft.com/windows/win32/services/localsystem-account) by default. If your service does not need a high privilege level, consider using the [LocalService account](https://docs.microsoft.com/windows/win32/services/localservice-account), the [NetworkService account](https://docs.microsoft.com/windows/win32/services/networkservice-account) or a user account.

To use a user account, specify a `<serviceaccount>` element like this:

```xml
<serviceaccount>
Expand All @@ -270,10 +272,12 @@ It is possible to specify the useraccount (and password) that the service will r
</serviceaccount>
```

The `<domain>` is optional and defaults to the local computer.

The `<allowservicelogon>` is optional.
If set to `true`, will automatically set the "Allow Log On As A Service" right to the listed account.

To use [(Group) Managed Service Accounts](https://technet.microsoft.com/en-us/library/hh831782.aspx) append `$` to the account name and remove `<password>` element:
To use [Group Managed Service Accounts](https://docs.microsoft.com/windows-server/security/group-managed-service-accounts/group-managed-service-accounts-overview), append `$` to the account name and remove `<password>` element:

```xml
<serviceaccount>
Expand All @@ -283,6 +287,44 @@ To use [(Group) Managed Service Accounts](https://technet.microsoft.com/en-us/li
</serviceaccount>
```

#### LocalSystem account

To explicitly use the [LocalSystem account](https://docs.microsoft.com/windows/win32/services/localsystem-account), specify the following:

```xml
<serviceaccount>
<user>LocalSystem</user>
</serviceaccount>
```

Note that this account does not have a password, so any password provided is ignored.

#### LocalService account

To use the [LocalService account](https://docs.microsoft.com/windows/win32/services/localservice-account), specify the following:

```xml
<serviceaccount>
<domain>NT AUTHORITY</domain>
<user>LocalService</user>
</serviceaccount>
```

Note that this account does not have a password, so any password provided is ignored.

#### NetworkService account

To use the [NetworkService account](https://docs.microsoft.com/windows/win32/services/networkservice-account), specify the following:

```xml
<serviceaccount>
<domain>NT AUTHORITY</domain>
<user>NetworkService</user>
</serviceaccount>
```

Note that this account does not have a password, so any password provided is ignored.

### Working directory

Some services need to run with a working directory specified.
Expand Down

0 comments on commit 195966a

Please sign in to comment.