tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier>
Subject Re: Windows Service Security
Date Wed, 31 Oct 2012 21:04:02 GMT
Cédric Couralet wrote:
>> Bill,
>> - create a local user, e.g. "tomcat"
>> - stop Tomcat
>> - use whatever path the Microsoft geniuses have invented this week to
>> reach the Services applet
>> - search for the "Apache Tomcat" Service
>> - right click on it and select Settings or Properties (ditto)
>> - in the tab "Login as" (or ditto), change the account to the one you just
>> created
>> - before you restart Tomcat, make sure that all it's files/directories can
>> be read/written by this user
>> - then restart Tomcat
>> As long as the Tomcat process (and any of its webapps) does not need any
>> Windows network resources (network "shares" or printers or the like),
>> you'll be fine.
>> If you need any of these, then you'll have to use a Domain user instead of
>> a local one.
>> (Note that Tomcat probably does not need any of those, since it was
>> running fine as "LocalSystem" and that user does not have access to Windows
>> network resources either).
> Or you can use one of the two built in accounts in Windows 2008 (and
> possibly Windows 2003) : "Local Service" and "Network Service".
>>From what I have seen, these two accounts are simple users on the computer
> (with some extended right for accessing network share for "Network
> Service"). They have no administratives right on the system, so you have to
> allow them read or write access on the different folder where tomcat might
> read or write.
> Documentation for these accounts can be found here :

Maybe as a suggestion for the people who make the installers for Tomcat/Windows ?

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message