Running a Python Service under the LocalService or NetworkService Account

Tim Golden mail at timgolden.me.uk
Mon Jul 20 18:14:31 CEST 2009


mistersexy wrote:
> On Jul 20, 3:03 pm, Tim Golden <m... at timgolden.me.uk> wrote:
>> mistersexy wrote:
>>> I am trying to create a Windows service in Python using pywin32. I do
>>> not want this service to run under a user account. I want this service
>>> to be able to run as a LocalService, NetworkService and the like. How
>>> do I specify this using the win32 library? Thanks, everyone.
>> When you "install" the service, using the HandleCommandLine
>> option, specify --username= and --password options.
>>
>> TJG
> 
> That's exactly my point. I do not want to have to specify username and
> password options. For instance, when creating a Windows Service
> in .NET, it is possible to specify that the service should run using
> the LocalService or NetworkService account. Doing this, you would not
> need to specify username and password options. Is there a way to
> achieve this in Python?

Sorry, I misread: I mentally removed the "not" in your 'I do not want
this service to run under a user account' and reinserted it
further on!

By default, the service will run as LocalSystem: you
only specify a username to override that default. The value
in Username is passed straight through to the CreateService
Win32 API, and the docs for that:

  http://msdn.microsoft.com/en-us/library/ms682450%28VS.85%29.aspx


say:

"""
lpServiceStartName [in, optional]

    The name of the account under which the service should run. If the service type is SERVICE_WIN32_OWN_PROCESS, use an account name in the form DomainName\UserName. The service process will be logged on as this user. If the account belongs to the built-in domain, you can specify .\UserName.

    If this parameter is NULL, CreateService uses the LocalSystem account. If the service type specifies SERVICE_INTERACTIVE_PROCESS, the service must run in the LocalSystem account.

    If this parameter is NT AUTHORITY\LocalService, CreateService uses the LocalService account. If the parameter is NT AUTHORITY\NetworkService, CreateService uses the NetworkService account.

    A shared process can run as any user.

    If the service type is SERVICE_KERNEL_DRIVER or SERVICE_FILE_SYSTEM_DRIVER, the name is the driver object name that the system uses to load the device driver. Specify NULL if the driver is to use a default object name created by the I/O system.

    A service can be configured to use a managed account or a virtual account. If the service is configured to use a managed service account, the name is the managed service account name. If the service is configured to use a virtual account, specify the name as NT SERVICE\ServiceName. For more information about managed service accounts and virtual accounts, see the Service Accounts Step-by-Step Guide.

        Windows Server 2008, Windows Vista, Windows Server 2003, and Windows XP/2000:  Managed service accounts and virtual accounts are not supported until Windows 7 and Windows Server 2008 R2.
"""



So, although I haven't tried it, it looks as though you can pass 
"LocalService" or "NetworkService" and so on if you want to
override the default LocalSystem but don't want to specify a
username/password.

TJG
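
Added example, not part of the original message or of pywin32's own code: a helper that maps the short account names mentioned above to the NT AUTHORITY\... form given in the quoted CreateService text, and installs the service with no password for those accounts. It assumes pywin32's win32serviceutil.InstallService with its userName and password arguments; start_name, install and the sample account .\svc_app are names constructed here.

```python
import sys

# Built-in accounts, in the form the CreateService text quoted above gives.
# None stands for a NULL lpServiceStartName, which means LocalSystem.
BUILTIN = {
    "localsystem": None,
    "localservice": r"NT AUTHORITY\LocalService",
    "networkservice": r"NT AUTHORITY\NetworkService",
}


def start_name(account):
    """Return (lpServiceStartName, needs_password) for an account spec."""
    if account is None:
        return None, False
    name = account.strip()
    short = name.lower().replace(" ", "")
    if short.startswith("ntauthority\\"):
        short = short.split("\\", 1)[1]
    if short in BUILTIN:
        return BUILTIN[short], False
    return name, True  # ordinary DomainName\UserName or .\UserName


def install(class_string, service_name, display_name, account, password=None):
    """Register a pywin32 service under the resolved account."""
    user, needs_password = start_name(account)
    if needs_password and not password:
        raise ValueError("%s needs a password" % user)
    if not needs_password:
        password = None  # never hand a stray secret to a built-in account
    import win32serviceutil  # pywin32; imported late so the helper runs anywhere
    win32serviceutil.InstallService(
        class_string, service_name, display_name,
        userName=user, password=password)
    return user


if __name__ == "__main__":
    # Dry run: show what would be passed as lpServiceStartName.
    # The default specs below are constructed samples.
    for spec in sys.argv[1:] or ["LocalService", "NetworkService", r".\svc_app"]:
        print(spec, "->", start_name(spec))
```

Run as a script it only prints the resolved names; install() has to be called from an elevated prompt on Windows with the service class string of your own module.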


