Re: Can't get Tomcat to use account other than System
In addition to Logon as a service, the account will also need to Act as part of the operating system. Again, these are the two minimum requirements. Depending on what you're trying to access, you may need to assign additional user rights. Darryl --- Mark Leone [EMAIL PROTECTED] wrote: Thanks. That's useful information, but unfortunately it didn't solve my problem. The account I'm trying to use was already mapped to the Logon as a Service right. I looked at all other rights that didn't have either the account or its group mapped to them, and I couldn't see any that seemed to be needed. I searched through the MS knowledge base as well, and didn't find anything relevant to this problem. I found a better way to accomplish what I was trying to do; but I'd like to find out why I can't run Tomcat as an account other than System, in case I have a need for it at some later point. Thanks for trying. Darryl Wilburn wrote: In Administrative Tools, go to Local Security Policy and navigate to Local Policies User Rights Assignment. This lists all the assignable user rights. At the very least, this account will need to be assigned to Logon On as a Service. Don't mess around with the Net Logon service. The only service you need to mess with is Apache Tomcat. The other services aren't broken, so don't try to fix them. You might also consider looking here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;kbhowtosd=TECHln=EN-USFR=0 Darryl --- Mark Leone [EMAIL PROTECTED] wrote: Can you tell me how to check for that? The only options I can find for defining account properties are in Control Panel -- Users and Administrative Tools -- Computer Management; and neither of those have any settings beyond very basic things like Admin vs. limited priviliges. I played around a bit with the Net Logon service. I specified the desired account credentials in the Log On tab of the Service Properties, and then when I tried to start the service I got the following error. Could Not start the Net Logon service on local computer. Error 1079: The accout specified for this service is different from the account specified for other services running in the same process. Not sure what to make of this, or if I'm barking up the wrong tree. Please enlighten me. Darryl Wilburn wrote: Mark, Does the account you're trying to use have all the correct user rights (act as part of the operating system, run as a service, etc.)? Darryl --- Mark Leone [EMAIL PROTECTED] wrote: I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as a Service on Windows XP. I launch the Service properties window, go to the Log On tab, check the This Account radio button, and then enter the account credentials. The credentials seem to be accepted, but if I close the Service properties window and re-launch it, the Log On tab has reverted to its default configuration, i.e. Log on as Local System Account is enabled instead of the account I specified. And Tomcat doesn't have the access rights I'd like it to have, even after restart. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides! http://travel.yahoo.com/p-travelguide - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: Can't get Tomcat to use account other than System
Darryl, I neglected to mention in my last message that I also tried giving the Act as part of the operating system right to the account I'm trying to use, and it didn't work. There are only a handful of rights that are not assigned to either the account I'm trying to use or the group it belongs to. I've listed them below, in case you have any ideas as to which one I'm missing. I should also describe the sequence of steps I took, and make sure I'm not doing something wrong. I stopped the Tomcat service, then entered the account credentials on the Log on tab of the service properties window (and checked the Use this account button). Then I clicked Apply and went to the General tab. I then started the service. When I went back to the Log on tab, the Use this account button was still checked, and the credentials I entered were still there. But then I closed the Tomcat service properties window and re-opened it- and when I went to the Log on tab, the account credentials I entered were not there anymore, and the Local System account button was checked instead of Use this account. When I subsequently checked the Use this account button, instead of the account credentials that I entered previously being displayed, the LocalSystem account was displayed. Here are all the process rights NOT assigned to either my account or the group to which it belongs. Create a token object Create permanent shared objects Deny access to this computer from the network Deny logon as a batch job Deny logon as a service Deny logon locally Deny logon through terminal services Enable computer and user accounts to be trusted for delegation Generate security audits Lock pages in memory Replace a process level token Synchronize directly service data Darryl Wilburn wrote: In addition to Logon as a service, the account will also need to Act as part of the operating system. Again, these are the two minimum requirements. Depending on what you're trying to access, you may need to assign additional user rights. Darryl --- Mark Leone [EMAIL PROTECTED] wrote: Thanks. That's useful information, but unfortunately it didn't solve my problem. The account I'm trying to use was already mapped to the Logon as a Service right. I looked at all other rights that didn't have either the account or its group mapped to them, and I couldn't see any that seemed to be needed. I searched through the MS knowledge base as well, and didn't find anything relevant to this problem. I found a better way to accomplish what I was trying to do; but I'd like to find out why I can't run Tomcat as an account other than System, in case I have a need for it at some later point. Thanks for trying. Darryl Wilburn wrote: In Administrative Tools, go to Local Security Policy and navigate to Local Policies User Rights Assignment. This lists all the assignable user rights. At the very least, this account will need to be assigned to Logon On as a Service. Don't mess around with the Net Logon service. The only service you need to mess with is Apache Tomcat. The other services aren't broken, so don't try to fix them. You might also consider looking here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;kbhowtosd=TECHln=EN-USFR=0 Darryl --- Mark Leone [EMAIL PROTECTED] wrote: Can you tell me how to check for that? The only options I can find for defining account properties are in Control Panel -- Users and Administrative Tools -- Computer Management; and neither of those have any settings beyond very basic things like Admin vs. limited priviliges. I played around a bit with the Net Logon service. I specified the desired account credentials in the Log On tab of the Service Properties, and then when I tried to start the service I got the following error. Could Not start the Net Logon service on local computer. Error 1079: The accout specified for this service is different from the account specified for other services running in the same process. Not sure what to make of this, or if I'm barking up the wrong tree. Please enlighten me. Darryl Wilburn wrote: Mark, Does the account you're trying to use have all the correct user rights (act as part of the operating system, run as a service, etc.)? Darryl --- Mark Leone [EMAIL PROTECTED] wrote: I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as
Re: Can't get Tomcat to use account other than System
In Administrative Tools, go to Local Security Policy and navigate to Local Policies User Rights Assignment. This lists all the assignable user rights. At the very least, this account will need to be assigned to Logon On as a Service. Don't mess around with the Net Logon service. The only service you need to mess with is Apache Tomcat. The other services aren't broken, so don't try to fix them. You might also consider looking here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;kbhowtosd=TECHln=EN-USFR=0 Darryl --- Mark Leone [EMAIL PROTECTED] wrote: Can you tell me how to check for that? The only options I can find for defining account properties are in Control Panel -- Users and Administrative Tools -- Computer Management; and neither of those have any settings beyond very basic things like Admin vs. limited priviliges. I played around a bit with the Net Logon service. I specified the desired account credentials in the Log On tab of the Service Properties, and then when I tried to start the service I got the following error. Could Not start the Net Logon service on local computer. Error 1079: The accout specified for this service is different from the account specified for other services running in the same process. Not sure what to make of this, or if I'm barking up the wrong tree. Please enlighten me. Darryl Wilburn wrote: Mark, Does the account you're trying to use have all the correct user rights (act as part of the operating system, run as a service, etc.)? Darryl --- Mark Leone [EMAIL PROTECTED] wrote: I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as a Service on Windows XP. I launch the Service properties window, go to the Log On tab, check the This Account radio button, and then enter the account credentials. The credentials seem to be accepted, but if I close the Service properties window and re-launch it, the Log On tab has reverted to its default configuration, i.e. Log on as Local System Account is enabled instead of the account I specified. And Tomcat doesn't have the access rights I'd like it to have, even after restart. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides! http://travel.yahoo.com/p-travelguide - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can't get Tomcat to use account other than System
Thanks. That's useful information, but unfortunately it didn't solve my problem. The account I'm trying to use was already mapped to the Logon as a Service right. I looked at all other rights that didn't have either the account or its group mapped to them, and I couldn't see any that seemed to be needed. I searched through the MS knowledge base as well, and didn't find anything relevant to this problem. I found a better way to accomplish what I was trying to do; but I'd like to find out why I can't run Tomcat as an account other than System, in case I have a need for it at some later point. Thanks for trying. Darryl Wilburn wrote: In Administrative Tools, go to Local Security Policy and navigate to Local Policies User Rights Assignment. This lists all the assignable user rights. At the very least, this account will need to be assigned to Logon On as a Service. Don't mess around with the Net Logon service. The only service you need to mess with is Apache Tomcat. The other services aren't broken, so don't try to fix them. You might also consider looking here: http://support.microsoft.com/default.aspx?scid=fh;EN-US;kbhowtosd=TECHln=EN-USFR=0 Darryl --- Mark Leone [EMAIL PROTECTED] wrote: Can you tell me how to check for that? The only options I can find for defining account properties are in Control Panel -- Users and Administrative Tools -- Computer Management; and neither of those have any settings beyond very basic things like Admin vs. limited priviliges. I played around a bit with the Net Logon service. I specified the desired account credentials in the Log On tab of the Service Properties, and then when I tried to start the service I got the following error. Could Not start the Net Logon service on local computer. Error 1079: The accout specified for this service is different from the account specified for other services running in the same process. Not sure what to make of this, or if I'm barking up the wrong tree. Please enlighten me. Darryl Wilburn wrote: Mark, Does the account you're trying to use have all the correct user rights (act as part of the operating system, run as a service, etc.)? Darryl --- Mark Leone [EMAIL PROTECTED] wrote: I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as a Service on Windows XP. I launch the Service properties window, go to the Log On tab, check the This Account radio button, and then enter the account credentials. The credentials seem to be accepted, but if I close the Service properties window and re-launch it, the Log On tab has reverted to its default configuration, i.e. Log on as Local System Account is enabled instead of the account I specified. And Tomcat doesn't have the access rights I'd like it to have, even after restart. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Plan great trips with Yahoo! Travel: Now over 17,000 guides! http://travel.yahoo.com/p-travelguide - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can't get Tomcat to use account other than System
Mark, Does the account you're trying to use have all the correct user rights (act as part of the operating system, run as a service, etc.)? Darryl --- Mark Leone [EMAIL PROTECTED] wrote: I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as a Service on Windows XP. I launch the Service properties window, go to the Log On tab, check the This Account radio button, and then enter the account credentials. The credentials seem to be accepted, but if I close the Service properties window and re-launch it, the Log On tab has reverted to its default configuration, i.e. Log on as Local System Account is enabled instead of the account I specified. And Tomcat doesn't have the access rights I'd like it to have, even after restart. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can't get Tomcat to use account other than System
Can you tell me how to check for that? The only options I can find for defining account properties are in Control Panel -- Users and Administrative Tools -- Computer Management; and neither of those have any settings beyond very basic things like Admin vs. limited priviliges. I played around a bit with the Net Logon service. I specified the desired account credentials in the Log On tab of the Service Properties, and then when I tried to start the service I got the following error. Could Not start the Net Logon service on local computer. Error 1079: The accout specified for this service is different from the account specified for other services running in the same process. Not sure what to make of this, or if I'm barking up the wrong tree. Please enlighten me. Darryl Wilburn wrote: Mark, Does the account you're trying to use have all the correct user rights (act as part of the operating system, run as a service, etc.)? Darryl --- Mark Leone [EMAIL PROTECTED] wrote: I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as a Service on Windows XP. I launch the Service properties window, go to the Log On tab, check the This Account radio button, and then enter the account credentials. The credentials seem to be accepted, but if I close the Service properties window and re-launch it, the Log On tab has reverted to its default configuration, i.e. Log on as Local System Account is enabled instead of the account I specified. And Tomcat doesn't have the access rights I'd like it to have, even after restart. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can't get Tomcat to use account other than System
I think this is a pretty basic question, but I couldn't find an answer in the archives. I've been using Tomcat for a while, with Tomcat logging on as the local System account. Now I'd like Tomcat to have some additional access rights, so I'm trying to get it to log on as a privileged user. I have Tomcat 5.5.8 installed as a Service on Windows XP. I launch the Service properties window, go to the Log On tab, check the This Account radio button, and then enter the account credentials. The credentials seem to be accepted, but if I close the Service properties window and re-launch it, the Log On tab has reverted to its default configuration, i.e. Log on as Local System Account is enabled instead of the account I specified. And Tomcat doesn't have the access rights I'd like it to have, even after restart. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]