Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to firstname.lastname@example.org.
On Tue, 27 Jan 2004 13:28:59 +0100, Mark Aslan Kuschel <iis at irgendware.net> wrote: > > Hello List-Members, > I installed CVSnt on my Windows 2003 Server, but I can't get the > pserver protocol running. Which version? Win2003 pserver impersonation is hard (impossible??) to get working before version 2.0.21. > I read in the FAQ that the User the service is running with needs the > rights: > 1. act as part of the operating system > 2. create a process token > 3. create a system level token Win2003 actually disables ability of processes to create tokens, and it's impossible to grant the privilege (I guess someone with enough experience could manage it but by default you can't get around it). btw. Win2003 also has a separate impersonation privilege, as mentioned in the FAQ. LocalSystem has all the required privileges anyway by default unless you've disabled them (with the above caveat). You don't need to worry about them unless you've changed the user that the service runs under. The following can help: a) Don't use pserver if possible - sspi is much better. b) Use the same usernames/passwords that exist on your system, in which case you don't need the extra privileges (as cvsnt will just call LogonUser internally). c) Use the latest cvsnt with either S4U (if you have a win2003 active directory controller) or the Lsa helper DLL. Tony