在网络服务帐户下访问 Windows 共享
[英]Access Windows Share under Network Service account
问题描述
I have two computers with Windows Server 2003. One computer has some shared folders on the network, and the other has a Windows Service (written in C#, running under the Network Service account) that needs to access those shared folders.
我有两台装有 Windows Server 2003 的计算机。一台计算机在网络上有一些共享文件夹,另一台计算机有一个 Windows 服务(用 C# 编写,在网络服务帐户下运行)需要访问这些共享文件夹。
The following code works fine as a logged-in user, but throws an exception when executed under the Network Service account.以下代码作为登录用户工作正常,但在网络服务帐户下执行时会引发异常。
File.WriteAllText(@"C:\temp\temp.txt", File.ReadAllLines(@"\\NetworkServer\Test\test.txt")[0]);
The exception message is Logon failure: unknown user name or bad password .异常消息是Logon failure: unknown user name or bad password 。 How do I get this code to work under the Network Service account?如何让此代码在网络服务帐户下工作? Is it a setting in Windows Server 2003, or do I need to add some code to this to make it work?它是 Windows Server 2003 中的一个设置,还是我需要为此添加一些代码才能使其工作?
3 个解决方案
解决方案1
3 已采纳 2009-12-23 16:38:59
On the network share, you'll need to add permissions for the "Network Service" account on the server running the service.在网络共享上,您需要为运行该服务的服务器上的“网络服务”帐户添加权限。 While this will work, @nicholas points out that this may provide an overly broad group of users access to the share.虽然这会奏效,但@nicholas 指出,这可能会提供一个过于广泛的用户组访问共享。
Another option, and in my opinion the better option , is to create a domain account and then give that account read/write permission on the share.另一种选择,在我看来更好的选择,是创建一个域帐户,然后授予该帐户对共享的读/写权限。 Then you configure the service to "run as" the domain account with proper permissions.然后将服务配置为具有适当权限的域帐户“运行”。
解决方案2
1 2014-06-30 10:18:33
@Nate's answer is either incorrect or is unclear, as far as I can tell.据我所知,@Nate 的回答要么不正确,要么不清楚。 It doesn't explain how Network Service authenticates on the network.它没有解释Network Service如何在Network Service上进行身份验证。
Network Service account has very limited privileges on a local system, it presents the computers's credentials on the network. Network Service帐户在本地系统上的权限非常有限,它在网络上显示计算机的凭据。 So if you need to access a network resource (eg a network share) under Network Service account, you have to grant access to the computer's account where the service works.因此,如果您需要访问Network Service帐户下的网络资源(例如网络共享),您必须授予访问该服务所在的计算机帐户的权限。
Providing local Network Service account with access to a network resource won't work at all, you'll keep getting authentication / authorization errors.为本地Network Service帐户提供对网络资源的访问权限根本不起作用,您将不断收到身份验证/授权错误。
See MDSN "NetworkService Account" reference .请参阅MDSN“网络服务帐户”参考。
解决方案3
1 2020-04-24 04:31:30
When the Network Service account attempts to access a share on a remote server, it authenticates on the network using the computer account.当网络服务帐户尝试访问远程服务器上的共享时,它会使用计算机帐户在网络上进行身份验证。 This account will be suffixed with $ (like servername$ ) when granted permission.授予权限后,此帐户将以 $ 为后缀(如servername$ )。
When the Network Service account attempts to access a share hosted on the SAME SERVER AS ITSELF, the computer account will NOT be able to grant the network service access.当网络服务帐户尝试访问托管在与自身相同的服务器上的共享时,计算机帐户将无法授予网络服务访问权限。 In this event, the Network Service built-in account will need to be granted access BOTH to the filesystem location AND the share permissions.在这种情况下,网络服务内置帐户需要被授予对文件系统位置和共享权限的访问权限。
Basically, when you grant Network Service access to a share, it only will affect services running as that identity on the local machine.基本上,当您授予网络服务对共享的访问权限时,它只会影响在本地计算机上以该身份运行的服务。 For remote machines, the computer account must be used, and the computer account cannot be used for granting access to local resources to Network Service.对于远程机器,必须使用计算机帐户,并且计算机帐户不能用于授予网络服务访问本地资源的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.