This project is read-only.

Performing transfers as LocalSystem

Feb 6, 2008 at 1:08 AM
I am writing a service for performing BITS transfers. When I run the service as the user I am logged in as it works fine. However, when I run it as LocalSystem I get the following BITS error:

"The requested resource requires user authentication."

I am using credentials to access the server. I use the same credentials for both tests.

Any idea what I am doing wrong and how to get this to work when running as LocalSystem?

Thanks,
-Mont
Feb 7, 2008 at 6:33 PM
OK, I've discovered more about this but I still can't get it to work the way I want it to.

To get a service to successfully transfer when running as Local System I had to:

  1. Leave anonymous access enabled on the Virtual Directory
  2. Not enabled "Integrated Windows authentication"
  3. Add the IUSR account to the directory the Virtual Directory maps to
  4. Give the IUSR account write privileges (in addition to defaults)
  5. Do not set credentials on the job

If I use a normal user account then none of the above is true and I can have it fully locked down. Of course it then won't transfer when the user is not logged in, which is what I need.

I also tried the Network Service account but did't get very far because my timer event, which causes my process to run once a minute and fire of BITS jobs, was never called.

Does anyone have any ideas as to how to use LocalSystem of a service in an more secure configuration?

Thanks,
-Mont
Feb 7, 2008 at 7:30 PM
Argh, figured this out.

The user name in the credentials needs to have the domain name. Ex: mydomain\accountName

The LocalSystem account doesn't have a default domain.

I can only guess that things worked from a local user account on a non-domain machine (where the default domain would have been different) is because the domain could be wrong but just not blank?!?

Anyway, works now and I hope this helps someone else.

-Mont
May 6, 2010 at 1:12 PM
Edited May 6, 2010 at 1:13 PM
I have a similar problem.
The Windows service running as local system creates a download job. The job is trying to download from a shared directory.
When starting (resuming) the job this error message is given:
"Access is denied. The error occurred while the remote file was being processed. Error code: -2147024891

A search for the error code gives this:
The authentication method is not supported. - CoCreateInstance(IBackgroundCopyManager) fails with E_ACCESSDENIED (0x80070005) in this condition"

My code for adding the credentials to the job:
BitsCredentials cred = new BitsCredentials();
cred.AuthenticationScheme = AuthenticationScheme.Ntlm;
cred.AuthenticationTarget = AuthenticationTarget.Server;
cred.UserName = "<username>";
cred.Password = "<password>";
job.AddCredentials(cred);

When creating a download job with the current user, it works fine.