
Permissions for apps started by services running as Local System


We have a legacy service running which is responsible for monitoring another service, but also starts a console application (written in C) which continues running in the background. If we start the console application from the cmd prompt, it works fine. If we also start the service under the Network Service account, it also starts the console app fine, but in that case it cannot start the other service.

So since the service has to monitor (start/stop) another service, it must be started under Local System account to get the necessary privileges - but the problem is that the console application started by this service then cannot read its configuration from the appdata folder.

I can see that the console app gets the APPDATA folder as C:\Windows\System32\config\systemprofile\AppData\Roaming, but the app states that the configuration file inside this folder cannot be found so it closes itself. When I start it from a normal user account, it goes to this user's appdata folder and works properly. I even tried giving the Users group additional permissions for its folder inside the systemprofile\AppData\Roaming folder (which doesn't make sense, since the app is running as Local System), but it didn't help.

  1. What is the best way to make this console app read settings from the Local System appdata folder?

  2. Or, alternatively, is it possible to grant this single service permissions to start other services, without starting it as Local System?


Solution

  • If we start the console application from the cmd prompt, it works fine.

    This means that the account you are logged in to has sufficient rights to do everything you need. Specify that account on the service's "Log On" tab and you should be good to go!

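On the second question, one least-privilege option is to run the monitoring service under a dedicated account and grant that account start/stop rights on the monitored service only. The script below is an added example, not part of the original question or answer; the service name `MonitoredSvc` and the account `svc-monitor` are hypothetical placeholders.

```powershell
# Added example: run from an elevated PowerShell prompt.
# Both default values are hypothetical placeholders, not names from the post.
param(
    [string]$TargetService  = 'MonitoredSvc',                   # service to be started/stopped
    [string]$MonitorAccount = "$env:COMPUTERNAME\svc-monitor"   # account the monitoring service runs as
)

# SDDL ACEs reference SIDs, so resolve the account name first.
$sid = ([System.Security.Principal.NTAccount]$MonitorAccount).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value

# Read the current security descriptor of the target service.
$sddl = (& sc.exe sdshow $TargetService | Where-Object { $_ }) -join ''
if ($LASTEXITCODE -ne 0 -or $sddl -notmatch 'D:') {
    throw ('Could not read the security descriptor of {0}: {1}' -f $TargetService, $sddl)
}

# Allow ACE limited to what a monitor needs:
#   CC = query config, LC = query status, RP = start, WP = stop,
#   LO = interrogate,  RC = read the security descriptor.
# No DC (change config), WD (write DACL) or WO (take ownership).
$ace = "(A;;CCLCRPWPLORC;;;$sid)"
if ($sddl.Contains($ace)) {
    Write-Output "ACE for $MonitorAccount is already present."
    return
}

# Append the ACE to the DACL: before the SACL marker (S:) if one exists,
# otherwise at the end of the string.
$saclStart = $sddl.IndexOf('S:')
$newSddl = if ($saclStart -ge 0) { $sddl.Insert($saclStart, $ace) } else { $sddl + $ace }

Write-Output "Old: $sddl"
Write-Output "New: $newSddl"

& sc.exe sdset $TargetService $newSddl
if ($LASTEXITCODE -ne 0) {
    throw ('sc.exe sdset failed for {0}' -f $TargetService)
}
```

The monitoring service is then set to log on as that account on its "Log On" tab, and the console app's configuration file has to exist in that account's own AppData folder, since APPDATA follows the account the process runs as.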