How to: Specify the Security Context for Services
By default, services run in a different security context than that of the logged-in user. Services run in the context of the default system account, called
LocalSystem, which gives them different access privileges to system resources than the user. You can change this behavior to specify a different user account under which your service should run.
You set the security context by manipulating the Account property for the process within which the service runs. This property allows you to set the service to one of four account types:
User, which causes the system to prompt for a valid user name and password when the service is installed and runs in the context of an account specified by a single user on the network;
LocalService, which runs in the context of an account that acts as a non-privileged user on the local computer, and presents anonymous credentials to any remote server;
LocalSystem, which runs in the context of an account that provides extensive local privileges, and presents the computer's credentials to any remote server;
NetworkService, which runs in the context of an account that acts as a non-privileged user on the local computer, and presents the computer's credentials to any remote server.
For more information, see the ServiceAccount enumeration.
After creating your service, add the necessary installers for it. For more information, see How to: Add Installers to Your Service Application.
In the designer, access the
ProjectInstallerclass and click the service process installer for the service you are working with.
For every service application, there are at least two installation components in the
ProjectInstallerclass — one that installs the processes for all services in the project, and one installer for each service the application contains. In this instance, you want to select ServiceProcessInstaller.
In the Properties window, set the Account to the appropriate value.