Hi all,

I have two major problems with VBox and headless VMs on Windows currently: 1. getting those executed at all using restricted, non-admin users, e.g. by the task scheduler. The second is, if those execute with e.g. an admin user, letting the GUI manage those headless VMs. Instead, it often tells about COM-related problems when trying to access the state etc. of known running VMs.

I have the strong feeling that all of those issues have to do with permissions and group membership, like whether a started process is a member of the group NT-AUTHORITY\INTERACTIVE etc. Now I've been pointed at the docs, where some basics about the used processes and their interaction are described, and found some pretty interesting sentences:

> VBoxSVC, the Oracle VM VirtualBox service process which always runs
> in the background. This process is started automatically by the
> first Oracle VM VirtualBox client process and exits a short time
> after the last client exits.[...]

> The service is responsible for bookkeeping, maintaining the state of
> all VMs, and for providing communication between Oracle VM
> VirtualBox components.[...]

> Oracle VM VirtualBox employs its own client/server design to allow
> its processes to cooperate, but all these processes run under the
> same user account on the host operating system, and this is totally
> transparent to the user.

https://www.virtualbox.org/manual/UserManual.html#technical-components

So how exactly is VBoxSVC started in case of e.g. headless started VMs using some special account? What's the relationship between VBoxSVC and VBoxSDS? It doesn't seem to be one and the same component, because I see different process names.

When the task scheduler executes a headless VM, VBoxSVC is created for the first time with the credentials and security context of the executed task. In my case this e.g. might be a restricted default user WITHOUT interactive login. What happens when I interactively log on the same user to manage VMs using the GUI or VBoxManage? Is the created process able to access the already started instance of VBoxSVC? Doesn't seem to be the case according to my tests.

What happens when I use different users to exec multiple different VMs? According to the docs, there's only one VBoxSVC?
But during my tests I already saw multiple of those, which might make sense if it couldn't be recognized that some are already running because of a lack of permissions somewhere for some reason.

So how is access to VBoxSVC secured? Is it possible to start VBoxSVC with some high privileges manually for successful bookkeeping etc. only, while actually running individual VMs by users with lower privileges? Looking at the help of that process, I see the following output:

> /RegServer: register COM out-of-proc server
> /UnregServer: unregister COM out-of-proc server
> /ReregServer: unregister and register COM server
> no options: run the server

So is that process one of the installed COM components and if so, which one? Only "Application" would make sense to me, as "System Service" seems to be "VBoxSDS" instead of "VBoxSVC".

> VirtualBox Application
> VirtualBox System Service

If it's one of those components, one could influence under which user the process is executed in the "identity" setting. The default is the user executing some app like GUI or VBoxManage, which might not be compatible with task scheduler, headless, multiple different users etc.

Kind regards

Thorsten Schöning

--
AM-SoFT IT-Service - Bitstore Hameln GmbH i.G.
Member of the Bitstore Group - your full-service provider for IT and telecommunications

E-Mail: thorsten.schoen...@am-soft.de
Web: http://www.AM-SoFT.de/

Tel: 05151- 9468- 0
Tel: 05151- 9468-55
Fax: 05151- 9468-88
Mobile: 0178-8 9468-04

AM-SoFT IT-Service - Bitstore Hameln GmbH i.G., Brandenburger Str. 7c, 31789 Hameln
AG Hannover HRB neu - Managing director: Janine Galonska

_______________________________________________
vbox-dev mailing list
vbox-dev@virtualbox.org
https://www.virtualbox.org/mailman/listinfo/vbox-dev
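
One way to observe what the message above describes, as an added example that is not part of the original post or of VirtualBox: list every VirtualBox process with its owning account and logon session, then read the COM identity configured for the registered VirtualBox servers. It assumes the AppID display names begin with "VirtualBox", as in the two names quoted in the message, and that the process image names begin with `VBox` or `VirtualBox`.

```powershell
# Added diagnostic sketch, not from the original post. Run from an elevated
# prompt so processes owned by other accounts can be queried.

# 1. VirtualBox processes with owning account and logon session.
$procs = Get-CimInstance Win32_Process |
    Where-Object { $_.Name -like 'VBox*.exe' -or $_.Name -like 'VirtualBox*.exe' } |
    ForEach-Object {
        $o = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        [pscustomobject]@{
            Name      = $_.Name
            Id        = $_.ProcessId
            ParentId  = $_.ParentProcessId
            SessionId = $_.SessionId   # 0 = non-interactive services session
            Owner     = if ($o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '<unknown>' }
        }
    }
$procs | Sort-Object Owner, SessionId, Name | Format-Table -AutoSize

# One row per (owner, session) pair that has its own VBoxSVC instance.
$procs | Where-Object Name -eq 'VBoxSVC.exe' |
    Group-Object Owner, SessionId | Select-Object Count, Name | Format-Table -AutoSize

# 2. COM AppID entries whose display name starts with "VirtualBox" (assumed),
#    with the configured identity. RunAs absent = server runs as the launching user.
$apps = Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\AppID' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSChildName -like '{*}' -and [string]$_.GetValue('') -like 'VirtualBox*' }
$apps | ForEach-Object {
    [pscustomobject]@{
        AppID        = $_.PSChildName
        DisplayName  = [string]$_.GetValue('')
        RunAs        = if ($_.GetValue('RunAs')) { $_.GetValue('RunAs') } else { '(not set: launching user)' }
        LocalService = $_.GetValue('LocalService')   # set when the server is a Windows service
    }
} | Format-List

# 3. Classes bound to those AppIDs and the executable that serves them.
$ids = @($apps.PSChildName)
Get-ChildItem 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue |
    Where-Object { $ids -contains [string]$_.GetValue('AppID') } |
    ForEach-Object {
        $ls = $_.OpenSubKey('LocalServer32')
        [pscustomobject]@{
            CLSID  = $_.PSChildName
            Server = if ($ls) { [string]$ls.GetValue('') } else { '(no LocalServer32)' }
        }
    } | Format-Table -AutoSize
```

Comparing the `Owner` and `SessionId` columns of a scheduled-task run against an interactive logon of the same account shows whether the two clients ended up attached to separate server instances.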