aspose file tools*
The moose likes Tomcat and the fly likes How to Run a Service with optimal Security? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Products » Tomcat
Bookmark "How to Run a Service with optimal Security?" Watch "How to Run a Service with optimal Security?" New topic
Author

How to Run a Service with optimal Security?

Varuna Seneviratna
Ranch Hand

Joined: Jan 15, 2007
Posts: 167
I am using WindowsXP
I installed Apache Tomcat Servlet container as a service. It�s user guide says " For optimal security, the service should be run as a separate user, with reduced permissions (see the Windows Services administration tool and its documentation). "
So I went to Control Panel-->Administrative Tools-->Services and selected and right clicked on Tomcat which was now installed to log on as a Local System service and selected properties.
From Properties-->Log On tab-->selected this account -->clicked the Browse Button-->Select user Dialog Box-->Advanced-->clicked the find user Button-->Selected Network service

And came back to the log on tab of properties and entered a password and clicked OK button
Then restarted Tomcat. But when I entered http://localhost:8080 in IE it keeps on waiting, the Tomcat home page never gets displayed. How can I run Tomcat under the Network Service Account? How can I find out the privileges allowed under the Network Service Account?

When I am logged on as a administrator or in any other account, Is it possible to start a Service or another program which has rights granted under another account?

I never created a Network Service or local service Account are they default accounts?
How can I create an account which has adequate privileges to use a service with ensuring optimal security?

The above described procedure is from the "To configure how a service is started" title which is Under the Services node of the Microsoft management Console which appears when the help menu for the Services Window is clicked.


Help!
Regards Varuna


Varuna Seneviratna
Rene Larsen
Ranch Hand

Joined: Oct 12, 2001
Posts: 1179

You need to create a new Windows user Account (not Administrator), and assign that use to the Service.

The Network Service- and Local System Accounts are used by the Windows OS.


Regards, Rene Larsen
Dropbox Invite
 
jQuery in Action, 2nd edition
 
subject: How to Run a Service with optimal Security?