I'm pretty sure the answer to this is yes, but I just would like some clarification.
Basically I'm wondering because the company I work at uses a 3rd-party product which runs as a process.
I would like to join this server to the domain for security reasons and to have users login via their domain credentials whenever they need to work on an issue. However, I'm fairly certain this won't be doable given the fact that the application runs as a process, so if I were to log out of the Administrator account the program would cease to run.
Can somebody provide some clarification?
Thanks!
Technically, a "process" is any running program. This may be a service (which runs all the time) or a non-service process.
First, determine exactly what kind of architecture the third-party program uses.
Some programs do start running on login, but are not actually services. More complex programs are split into two parts: a service which does run all the time, and a user interface process that starts on login (or on demand). It's not clear from your question which of these the third-party program is.
If the third-party program is a serivce (or has a service component), then it should be fine. Remember that some programs do have two parts: service and UI, and these programs are designed to have the UI come and go as users log on and off.
Next, you can try to make it a service even if it wasn't designed for it.
If the program is just a UI process and does not have a service part, then it may be possible to jury-rig it to work as a service anyway. First off, if you're planning on any kind of remote desktop scenario, then this probably won't work (multi-user scenario, and programs like this that aren't TS-aware tend to break).
At this point, it may be possible to get it to work as a service by using a program such as
srvany
(part of the 2k3 resource kit tooks).srvany
is a service that just executes a program, so it acts as a service host for non-service programs. The problem is that some programs just don't behave well as services (a lot of the permissions are different). You'll probably have to configure it to be an interactive service, which opens up a security vulnerability called shatter attacks.So, in short, it may be possible. I've had to do it once or twice. But you may decide it's best to just not go there.
Services will run as long as the machine is switched on - as long as they are set to automatic of course.
So if you need something to run regardless of who (if anyone) is logged on then you should run it as a service.
Scheduled tasks can also be run independently of the current user. You just need to supply a login account for it. However, if your group policy is to change passwords then either this account needs to be left out (which is a potential security risk) or the task will have to be updated when the password changes.
If the process doesn't have (too much of a) GUI, then you can look at making it into a service with srvany from the Windows Admin Kits.