ID: Q127862
3.50 3.51 4.00 WINDOWS NT kbprg kbprb
The information in this article applies to:
- Microsoft Windows NT versions 3.5, 3.51, 4.0
When giving a Universal Naming Convention (UNC) name to CreateService(), the call succeeds, but the service start fails with ERROR_ACCESSS_DENIED (5). This error will only occur if the service is specified to run in the LocalSystem account.
The Service Control Manager calls CreateProcess() to start the service. If the service is specified to run in a user account, the Service Control Manager impersonates the user before calling CreateProcess(). If the service is specified to run in the LocalSystem account, the Service Control Manager runs in the LocalSystem security context. When you call CreateProcess() with a UNC name from a process running in the LocalSystem context, you get ERROR_ACCESS_DENIED. This is because LocalSystem has restricted (less than guest) access to remote machines. A null session is set up for LocalSystem remote access, which has reduced rights.
There are three possible solutions:
-or-
HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\
Services\
LanmanServer\
Parameters\
NullSessionShares
on MACHINEA. This will let requests to access this share from null sessions succeed.
WARNING: This will allow everyone access to the share. If you want to maintain security for the share, create an account with the access required.
Keywords : kbKernBase kbService kbGrpKernBase
Version : 3.50 3.51 4.00
Platform : NT WINDOWSLast Reviewed: December 22, 1996