Skip to main content
Software Engineering

Return to Answer

Improved formatting
Source Link
edit approved Feb 28 at 17:07
SoftSol
edit approved Feb 28 at 17:07
SoftSol
  • 3
  • 2

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

On Windows Server since about 2003, there is also a service interaction policy you may have to adjust. You may have to reboot the machine to pick up this setting. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows NoInteractiveServices:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

NoInteractiveServices = default is 1 until win2k3, change this to 0. On win2k8+ its default is 0.

This technote below also suggests a method using named pipes to connect a service to a windows app or background task that can run in the logged in session and send materials to the service over the pipe.

Here is a technote from Microsoft on the topic along with some cautions: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine  : SYSTEM\CurrentControlSet\Services\your service Key= "Type" Position

SYSTEM\CurrentControlSet\Services\your service

Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

On Windows Server since about 2003, there is also a service interaction policy you may have to adjust. You may have to reboot the machine to pick up this setting. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows NoInteractiveServices = default is 1 until win2k3, change this to 0. On win2k8+ its default is 0

This technote below also suggests a method using named pipes to connect a service to a windows app or background task that can run in the logged in session and send materials to the service over the pipe.

Here is a technote from Microsoft on the topic along with some cautions: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine  : SYSTEM\CurrentControlSet\Services\your service Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

On Windows Server since about 2003, there is also a service interaction policy you may have to adjust. You may have to reboot the machine to pick up this setting:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows

NoInteractiveServices = default is 1 until win2k3, change this to 0. On win2k8+ its default is 0.

This technote below also suggests a method using named pipes to connect a service to a windows app or background task that can run in the logged in session and send materials to the service over the pipe.

Here is a technote from Microsoft on the topic along with some cautions: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine:

SYSTEM\CurrentControlSet\Services\your service

Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv

added 591 characters in body
Source Link
Tim Cederquist
Tim Cederquist
  • 191
  • 3

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

On Windows Server since about 2003, there is also a service interaction policy you may have to adjust. You may have to reboot the machine to pick up this setting. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows NoInteractiveServices = default is 1 until win2k3, change this to 0. On win2k8+ its default is 0

This technote below also suggests a method using named pipes to connect a service to a windows app or background task that can run in the logged in session and send materials to the service over the pipe.

Here is a technote from Microsoft on the topic along with some cautions: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine : SYSTEM\CurrentControlSet\Services\your service Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine : SYSTEM\CurrentControlSet\Services\your service Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

On Windows Server since about 2003, there is also a service interaction policy you may have to adjust. You may have to reboot the machine to pick up this setting. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows NoInteractiveServices = default is 1 until win2k3, change this to 0. On win2k8+ its default is 0

This technote below also suggests a method using named pipes to connect a service to a windows app or background task that can run in the logged in session and send materials to the service over the pipe.

Here is a technote from Microsoft on the topic along with some cautions: https://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine : SYSTEM\CurrentControlSet\Services\your service Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv

Source Link
Tim Cederquist
Tim Cederquist
  • 191
  • 3

This is a normal restriction in the Windows security model since NT3.x services that only the local service account is allowed access to the desktop when run as a service and it has other restrictions when you select that option.

There is a registry hack if you want to use a specific account but not sure it will be able to reach into any user's session unless it has admin permissions, I've never tested this use case.

HK Local Machine : SYSTEM\CurrentControlSet\Services\your service Key= "Type" Position 100h (If you logical 'or' with decimal 256 to set the bit)

Credit for this registry detail: http://www.codeproject.com/Articles/4891/Interact-With-Desktop-when-Installing-Windows-Serv