如何为域控制器上的 Windows 服务指定 NetworkService 或 LocalService?
Dai*_*Dai 9 domain users service
这个问题不是这些现有问题的重复:
- AUTHORITY\NetworkService 不存在(问题是针对 Windows Server 2003
- 如何以“NT Authority\NetworkService”的身份运行进程?(这是一个脚本问题)
- /sf/ask/2447622061/(这是关于将
NT AUTHORITY主体添加到 ACL,而不是在 Find User GUI 中选择主体)
我在不同的计算机上配置了一个 Windows 服务:
- 工作站(非域)计算机(运行 Windows 10)
- 工作站(非域)Windows Server(运行 Windows Server 2016)
- 域工作站(运行 Windows 10)
- 域成员服务器(运行 Windows Server 2016)
- 域控制器(运行 Windows Server 2016)
加入域的计算机和成员服务器:
In all computers except the domain controller, the services.msc > Service Properties > Log On property sheet's "Select User" pop-up lets me select the NT AUTHORITY built-in principals NETWORK SERVICE and LOCAL SERVICE (aka NT AUTHORITY\NetworkService and NT AUTHORITY\LocalService).
If I ignore the Search Users window and just type "network service" into the Select User window and click "Check Names" then it's correctly resolved to NETWORK SERVICE:
Domain Controllers:
However, on this Windows Server 2016 domain controller, the Select User popup does not let me specify any local computer name (which makes sense: the local computer's security system becomes the domain security system).
...which means it's not possible to resolve, search for or select NETWORK SERVICE or LOCAL SERVICE:
When I type it in directly into the Log On tab then I get this error:
The account name is invalid or does not exist, or the password is invalid for the account name specified.
I note that on a domain controller, the "Select User or Service Account" window only lets me select either "Service Accounts" or "Users" and not "Built-in security principals".
Domain-joined workstation or member-server:
Domain controller (Windows Server 2012 R2, but it's the same on 2016):
我知道我可以通过sc config手动使用或编辑注册表(或通过在“此帐户:”文本框中键入“ Local Service”或“ Network Service”)来设置服务登录帐户,但是如果我使用“选择用户或域控制器上 Services.msc 之外的“服务帐户”对话框?
根据您的最终屏幕截图,您省略了帐户名称中的空格。试试吧Local Service。
如果这不起作用,您可以在命令行上执行,如下所示,我将其写为:
sc config ServiceName obj= "NT AUTHORITY\Local Service" password= ""
请注意,在命令行版本中LocalService或Local Service是可以接受的,但在 GUI 中只有后者有效。我不知道为什么,但事情就是这样。
- 在命令行 `sc config` 中,我必须使用 `obj="NT AUTHORITY\Local Service"`。其他变体,例如 `obj= "LocalService"` 或 `obj= "Local Service"` 不起作用。不要忘记 `=` 和 `"` 之间的空格! (2认同)