Setting the service's user account
Ordinarily, when you install a service, it runs under the LocalSystem account. You can see this by opening the services management console, right-clicking on a service, selecting Properties and choosing the Log On tab. LocalSystem is a special account used by the SCM which gives service-wide ranging privileges to interact with the computer. If you'd like to give your service more limited access, you can assign it to another user account.
Two accounts that you might consider are LocalService and NetworkService. These accounts have fewer privileges than LocalSystem, but are still built-in and ready to use. To set a new user account for your service, add the Account
and Password
attributes to ServiceInstall
. If the account doesn't have a password, which is the case with LocalService and NetworkService, you can omit the Password
attribute. Here's an example:
<DirectoryRef Id="INSTALLLOCATION"> <Component Id="CMP_WindowsService1" Guid...