tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Crowther <>
Subject Re: Still unable to get a heap dump from Tomcat running on Windows as a service
Date Tue, 02 Feb 2010 23:23:37 GMT
On 2 February 2010 21:48, Laird Nelson <> wrote:
> OK; leery of running my Tomcat as the administrator, but am not up to speed
> on which Windows users would be better choices.  I naturally assumed that
> the local user selected by default was appropriate.

LocalSystem can impersonate any user on the computer, but has no
rights over the network.  It's actually a very highly privileged
account - if an application running as LocalSystem wanted to, it could
impersonate the local Administrator account without requiring a
password.  There are a few niceties about what that impersonated
Administrator account could do... but not many.

If you doubt this, note that IIS runs as LocalSystem and uses
impersonation to handle integrated login - it just sets the thread
handling the request to the required identity before handling the
request, and sets it back afterwards ;-).

>> I believe you can also download resource kit from Microsoft that has tools
>> that lets you watch all objects opened by a process ( so, look if Tomcat is
>> even trying to open the file ). Its been a while, so don't recall tool
>> sytax.

Process Explorer ( ) would
be my weapon of choice here.

- Peter

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message