TWC-Software/DaemonMaster

run as User without password

Closed this issue · 9 comments

r9guy commented

When checking the checkbox to run the service as a specific user, if the selected user doesn't have a password, DaemonMaster doesn't proceed and insists on the user password being inserted. This way the program is unable to create services for user accounts with blank passwords.

Due to security risks I don't implement such a feature for now.
Here is a link to such a topic:
https://stackoverflow.com/questions/1047854/cant-run-a-service-under-an-account-which-has-no-password

But I can allow the use of empty passwords, and then you must manually disable this security feature.

r9guy commented

I read the article at the link. I am aware of this security policy, and at work I am keeping my computers with group policy set to allow the use of blank passwords, because I usually use RDP to connect to industrial PCs. But I think the issue does not apply here.
Correct me if I'm wrong. Regardless of group policy settings:
1st. Will the Windows API permit service creation for a specific user with a blank password? If yes, then there must be no security hole issue, as this is Windows DNA.
2nd. If Windows refuses, then the API function must return an error, and functionality will rely exclusively on the user's decision to have the GP enabled or not. It's not DaemonMaster that overcomes security, right?

Sorry for the late answer.
So what you want is that I should not check whether the password is empty, so that Windows can decide this?

r9guy commented

Ok I will change it.

So I changed the code so that Windows checks the password/right to start without a password.
(It will be in the next release version of DM. xD)

r9guy commented

I checked the changes. While on a local account it worked for me without a password, with the accounts which do have a password I got an error message when I tried to run the service after creation.
So in DaemonMaster, on the service creation page, create with account, of course I typed in the username and intentionally omitted the password. DaemonMaster created the service but it couldn't start it, with the message "service didn't start due to login failure".
So I thought of the scenario that a service can indeed be created without a password if the user doesn't have one, but the password can be changed later, and then the service will not be able to run. But let's face some facts: Windows services out there are running regardless of such password change events. So how shall it be?
One solution I propose is to check for a valid password when entering it and give a message that such a password is wrong, or even, for an account without a password, gray-scale the password field and make it invalid.

So I don't understand all of it, but you want DM to check the password as before and gray-scale the password field when a user has selected an account that has no password. Right?

Edit: I don't have problems with users that have a password. (same with users that have no password)
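
One way to do the check proposed in the thread (validate the credentials when they are entered and report why Windows rejected them, instead of failing later at service start), as an added example that is not DaemonMaster's code. The class and method names are hypothetical; it attempts a service-type logon with the Win32 `LogonUser` API and leaves the blank-password decision to Windows policy:

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class ServiceLogonCheck // hypothetical helper, not part of DaemonMaster
{
    const int LOGON32_LOGON_SERVICE = 5;    // same logon type the SCM uses
    const int LOGON32_PROVIDER_DEFAULT = 0;
    const int ERROR_LOGON_FAILURE = 1326;
    const int ERROR_ACCOUNT_RESTRICTION = 1327;
    const int ERROR_LOGON_TYPE_NOT_GRANTED = 1385;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns null if Windows accepts the credentials for a service logon,
    // otherwise a message suitable for showing next to the password field.
    public static string Check(string user, string domain, string password)
    {
        if (LogonUser(user, domain, password ?? "", LOGON32_LOGON_SERVICE,
                      LOGON32_PROVIDER_DEFAULT, out IntPtr token))
        {
            CloseHandle(token); // only the verdict is needed, not the token
            return null;
        }
        int err = Marshal.GetLastWin32Error();
        switch (err)
        {
            case ERROR_LOGON_FAILURE:
                return "Unknown user name or wrong password.";
            case ERROR_ACCOUNT_RESTRICTION:
                return "Account restriction, e.g. blank passwords are not allowed by policy.";
            case ERROR_LOGON_TYPE_NOT_GRANTED:
                return "The account lacks the 'Log on as a service' right.";
            default:
                return new Win32Exception(err).Message;
        }
    }

    static void Main(string[] args)
    {
        // Constructed usage: test a local account ("." domain) with a blank password.
        string result = Check(args.Length > 0 ? args[0] : Environment.UserName, ".", "");
        Console.WriteLine(result ?? "Credentials accepted for service logon.");
    }
}
```

The check only reflects the state at creation time: if the account's password changes later, the service start still fails with a logon error until the stored credentials are updated.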