Reputation: 11339
I am trying to install a service using the CreateService API on Windows 7 64-bit. When the CreateService API is called, it fails with error code 1314, which is "A required privilege is not held by the client."
I am running Visual Studio in Administrator mode. Any idea why it is still failing when the service is being created by a process running in admin mode?
Also, I am trying to create the service with ACCESS_SYSTEM_SECURITY as one of the desired access flags. CreateService is failing only when ACCESS_SYSTEM_SECURITY is passed; otherwise it's working fine.
Here is the code:
    LUID luidSecurityPriv;
    HANDLE hTokenProcCur;
    // open the current process token so its privileges can be adjusted
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hTokenProcCur))
    {
        if (LookupPrivilegeValue(NULL, L"SeSecurityPrivilege", &luidSecurityPriv))
        {
            TOKEN_PRIVILEGES tp;
            DWORD cbSinglePriv = sizeof(TOKEN_PRIVILEGES);
            tp.PrivilegeCount = 1;
            tp.Privileges[0].Luid = luidSecurityPriv;
            tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
            // request that SeSecurityPrivilege be enabled in the token
            if (AdjustTokenPrivileges(hTokenProcCur,
                                      FALSE,
                                      &tp,
                                      cbSinglePriv,
                                      NULL,
                                      NULL))
            {
                // actually register the NanoService with the OS here
                SC_HANDLE schService = CreateService(schSCManager,
                    _T(SERVICE_NAME),
                    (LPCTSTR)strServiceName,
                    SERVICE_QUERY_STATUS | SERVICE_CHANGE_CONFIG | SERVICE_START | READ_CONTROL | WRITE_DAC | ACCESS_SYSTEM_SECURITY, // desired access
                    SERVICE_WIN32_OWN_PROCESS, // service type
                    SERVICE_AUTO_START,        // start type
                    SERVICE_ERROR_NORMAL,      // error control type
                    strServicePath,            // service's binary
                    NULL,                      // no load ordering group
                    NULL,                      // no tag identifier
                    NULL,                      // dependencies
                    NULL,                      // LocalSystem account
                    NULL);                     // no password
                if (schService)
                {
                    MessageBox(NULL, _T("CreateService Succeeded"), _T(""), MB_OK);
                }
                else
                    MessageBox(NULL, _T("CreateService failed"), _T(""), MB_OK);
            }
        }
    }
Upvotes: 1
Views: 1235
Reputation: 51506
The description for ACCESS_SYSTEM_SECURITY states the requirements for this access right:
The proper way to obtain this access is to enable the SE_SECURITY_NAME privilege in the caller's current access token, open the handle for ACCESS_SYSTEM_SECURITY access, and then disable the privilege.
Upvotes: 1
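
The enable, open, disable sequence from the quoted documentation, as an added example (not code from the question or the answer). AdjustTokenPrivileges returns nonzero even when the token does not hold the privilege, so the result is checked against ERROR_NOT_ALL_ASSIGNED. The function names are hypothetical, and the non-Windows stand-in types exist only so the pure check builds anywhere.

```c
#ifdef _WIN32
#include <windows.h>
#else  /* constructed stand-ins so the pure check below builds off Windows */
typedef int BOOL; typedef unsigned long DWORD;
#define ERROR_NOT_ALL_ASSIGNED 1300L
#endif

/* AdjustTokenPrivileges succeeds even if the privilege is absent from the
   token; only GetLastError() == ERROR_NOT_ALL_ASSIGNED reveals that. */
static BOOL privilege_was_set(BOOL apiResult, DWORD lastError)
{
    return apiResult && lastError != ERROR_NOT_ALL_ASSIGNED;
}

#ifdef _WIN32
/* Enable or disable SeSecurityPrivilege (SE_SECURITY_NAME) in the token. */
static BOOL set_security_privilege(HANDLE token, BOOL enable)
{
    TOKEN_PRIVILEGES tp;
    BOOL ok;
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = enable ? SE_PRIVILEGE_ENABLED : 0;
    if (!LookupPrivilegeValue(NULL, SE_SECURITY_NAME, &tp.Privileges[0].Luid))
        return FALSE;
    ok = AdjustTokenPrivileges(token, FALSE, &tp, sizeof tp, NULL, NULL);
    return privilege_was_set(ok, GetLastError());
}

/* Hypothetical helper; scm must be opened with SC_MANAGER_CREATE_SERVICE. */
SC_HANDLE create_service_with_sacl_access(SC_HANDLE scm, LPCTSTR name, LPCTSTR path)
{
    HANDLE token;
    SC_HANDLE svc = NULL;
    DWORD err;
    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token))
        return NULL;
    if (set_security_privilege(token, TRUE)) {
        svc = CreateService(scm, name, name,
            SERVICE_QUERY_STATUS | READ_CONTROL | ACCESS_SYSTEM_SECURITY,
            SERVICE_WIN32_OWN_PROCESS, SERVICE_AUTO_START,
            SERVICE_ERROR_NORMAL, path, NULL, NULL, NULL, NULL, NULL);
        err = GetLastError();                 /* keep CreateService's error */
        set_security_privilege(token, FALSE); /* disable the privilege again */
        SetLastError(err);
    }
    CloseHandle(token);
    return svc;
}
#endif
```

If `set_security_privilege` fails, the helper returns NULL without calling CreateService and GetLastError() reports why the privilege could not be enabled.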