2

We are writing a custom Windows service application. The service is set to allow interaction with the desktop, and the service application will need to execute another "normal" application. The service is set up to start and run with a normal Windows user account, not the system account.

The problem that we are having is that when the service calls the other normal application, it appears that the registry is not being loaded as it is when the user account that the service is running as logs into Windows. Specifically, the application is throwing an error that certain registry keys are unavailable.

Why is the account that is running the service not receiving the full registry that the same user account receives when it logs into the same Windows system? Can anything be done to change this?

Richard West

2 Answers

1

Service accounts do not load the user profile, so they do not have access to an HKCU registry hive. Settings for such services should be kept in HKLM with appropriate security settings placed on the keys as needed. However, if the profile is loaded at all on the system, it should exist somewhere under HKU if you go digging for it.

sysadmin1138
0

I think there is something else happening here.

Is the user logged on at the same time as the service? If so the registry hive could be locked. Are there any messages in the Windows event log?

The reason I think that the application should be able to access the HKEY_CURRENT_USER registry is because I tested this and created a sample C# Windows service (code below if interested).

Applications designed to be run as a service should, however, not store their information in an HKCU registry hive. HKLM is the correct place for system-wide application settings.

Testing Performed

I created a new user account with administrative access under Windows 7. I then granted it Logon as Service rights, installed and started the service.

My findings were:

* When I ran the service, HKCU was loaded and able to be written to.
* When the hive was already loaded I got this message in the event log and the real hive was not updated. Instead a temporary hive was created.

Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process. for C:\Users\OtherService\ntuser.dat

Also http://msdn.microsoft.com/en-us/library/ms684190(v=VS.85).aspx and http://msdn.microsoft.com/en-us/library/ms684188(v=VS.85).aspx indicate that even default system accounts do have a registry hive that gets loaded to HKCU, although it may be shared.

Code for test service

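using System;
using System.Diagnostics;
using System.ServiceProcess;
using Microsoft.Win32;

public partial class ExecuterSvc : ServiceBase
{
    public ExecuterSvc()
    {
        InitializeComponent();
    }

    protected override void OnStart(string[] args)
    {
        // Write a marker value so we can see which hive HKCU resolved to.
        TagRegistryHive("Tag", "Written");
    }

    protected override void OnStop()
    {
    }

    public void TagRegistryHive(string KeyName, object Value)
    {
        try
        {
            // Open HKCU for the account the service runs as.
            using (var rk = RegistryKey.OpenBaseKey(RegistryHive.CurrentUser, RegistryView.Default))
            {
                rk.SetValue(KeyName.ToUpper(), Value);
            }
        }
        catch (Exception e)
        {
            // Record the failure in the event log instead of discarding it.
            this.EventLog.WriteEntry("TagRegistryHive failed: " + e, EventLogEntryType.Error);
        }
    }
}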
Bernie White
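
The two answers above point at the same check: whether the service account's profile hive is mounted under HKU, and what HKCU resolves to in the process. The following is an added diagnostic, not code from either answer; the class name `HiveReport` and the key `Software\ExampleVendor\ExampleApp` are placeholders to replace with a key the failing application expects.

```csharp
using System;
using System.Security.Principal;
using Microsoft.Win32;

// Added diagnostic (not from either answer): reports which hive backs HKCU
// for the account this process runs as.
public static class HiveReport
{
    public static string Describe()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            string sid = id.User.Value;
            string report = "Account " + id.Name + " (SID " + sid + ")\n";

            // A loaded profile hive is mounted as HKEY_USERS\<SID>.
            using (RegistryKey hive = Registry.Users.OpenSubKey(sid))
            {
                report += "HKU\\" + sid + " loaded: " + (hive != null) + "\n";
            }

            // ProfileList records where the account's profile lives on disk.
            string listPath =
                @"SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\" + sid;
            using (RegistryKey entry = Registry.LocalMachine.OpenSubKey(listPath))
            {
                object path = entry == null ? null : entry.GetValue("ProfileImagePath");
                report += "Profile path: " + (path ?? "(no profile created)") + "\n";
            }

            // Placeholder key: substitute one the failing application reads.
            const string expected = @"Software\ExampleVendor\ExampleApp";
            using (RegistryKey key = Registry.CurrentUser.OpenSubKey(expected))
            {
                report += "HKCU\\" + expected + " present: " + (key != null) + "\n";
            }
            return report;
        }
    }

    // Entry point for running the check as a console program; drop it when
    // calling Describe() from a service's OnStart.
    public static void Main()
    {
        Console.Write(Describe());
    }
}
```

Comparing the output from an interactive logon of the account with the output produced inside the service shows whether the hive is missing, or present but without the expected key.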