tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From C├ędric Couralet <>
Subject Re: Windows Service Security
Date Wed, 31 Oct 2012 20:42:06 GMT
> Bill,
> - create a local user, e.g. "tomcat"
> - stop Tomcat
> - use whatever path the Microsoft geniuses have invented this week to
> reach the Services applet
> - search for the "Apache Tomcat" Service
> - right click on it and select Settings or Properties (ditto)
> - in the tab "Login as" (or ditto), change the account to the one you just
> created
> - before you restart Tomcat, make sure that all it's files/directories can
> be read/written by this user
> - then restart Tomcat
> As long as the Tomcat process (and any of its webapps) does not need any
> Windows network resources (network "shares" or printers or the like),
> you'll be fine.
> If you need any of these, then you'll have to use a Domain user instead of
> a local one.
> (Note that Tomcat probably does not need any of those, since it was
> running fine as "LocalSystem" and that user does not have access to Windows
> network resources either).

Or you can use one of the two built in accounts in Windows 2008 (and
possibly Windows 2003) : "Local Service" and "Network Service".

>From what I have seen, these two accounts are simple users on the computer
(with some extended right for accessing network share for "Network
Service"). They have no administratives right on the system, so you have to
allow them read or write access on the different folder where tomcat might
read or write.

Documentation for these accounts can be found here :

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message