Considerations for running 24x7 Scheduler as a service on Windows NT servers and workstations


  1. Guidelines for Selecting a Service Logon Account
  2. Services, Desktops, and Window
  3. MAPI, ODBC, DCOM, OLE...

  1. Guidelines for Selecting a Service Logon Account
        Local User Accounts
        Domain User Accounts
        The LocalSystem Account

  2. Services, Desktops, and Window (except from MS knowledge base document Q171890) - The information in this article applies to Microsoft Windows NT versions 3.51, 4.0, Microsoft Windows 2000

    Windows NT service has a Window station and Desktop combination associated with it. This is based on which account the service is running in.

    If the service is running in the LocalSystem account and is not interactive (that is, the service type does not include the SERVICE_INTERACTIVE_PROCESS flag), the service will use the following Window station and Desktop:

           Service-0x0-3e7$\default

    where "Service-0x0-3e7$" is the name of the Window station and "default" is the name of the desktop.

    This is a noninteractive Window station.

    If the service is running in the LocalSystem account and is interacting with the desktop (that is, the service type includes the SERVICE_INTERACTIVE_PROCESS flag), the service will use the following Window station and Desktop:

           Winsta0\default

    This is an interactive Window station.

    If the service is running in the security context of a user account, the system will create a unique noninteractive Window station and Desktop for that service. The name of the Window station will be based on the Logon Security Identifier (SID) of the user:

      Service-0xZ1-Z2$\default where Z1 is the high part and Z2 is the low part of the Logon SID.

    In addition, two services running in the same security context (same service account name) will not receive the same Window station and Desktop since Logon Security Identifier's(SID) are unique to that logon session.


    MORE INFORMATION

    A Window station can either be interactive or noninteractive. (At the moment on Windows NT 3.51 and 4.0, only "Winsta0" can be an interactive Window station.) Any Desktops created on the interactive Window station will have the ability to become active. An active Desktop encompasses the ability for user objects (such as windows and dialog boxes) created on the Desktop to be visible to the interactively logged-on user (that is, the user who logs on the system via CTRL-ALT-DELETE) and receive user input.

    When the interactively logged-on user launches any processes, these processes are associated with the "default" Desktop in the "Winsta0" Window station. The "default" Desktop is considered the active Desktop. A process on the active Desktop could switch Desktops such that another Desktop becomes the active Desktop such as the "Winlogon" Desktop. Only one Desktop can be the active Desktop at any one time.

    Desktops associated with a noninteractive Window station can create user objects. These objects will never be visible to the interactively logged-on user and will never receive any user input. If you have a noninteractive Service running in the LocalSystem account, any user objects created by the service will not be visible to the interactively logged-on user. In addition, any processes launched by the service will also not be visible.


  3. MAPI, ODBC, DCOM, OLE...     Microsoft advises:
    Developers can expect difficulties with efforts to employ Microsoft technologies such as MAPI, ODBC, DCOM, OLE Automation, and DAO in a Microsoft Windows NT Services. For instance, MAPI contains user interface elements that must be anticipated and suppressed, and may require access to parts of the registry that are either unavailable to a service or require a special security context for use.

    For this reason, and those already noted, Microsoft advises developers to avoid using these technologies.