Windows Services – Not Starting Automatically Without Admin Login

servicewindows-server-2008

I am using a software Ozeki on my Windows server 2008. From Services I make Ozeki service Startup Type: Automatic.
But when I restart my server I need to login as administrator, otherwise my service not start.

Need solution. I didn't want to login my Server as administrator.

Best Answer

If you can't set the service to start under the NT AUTHORITY\SYSTEM account (or if it doesn't work this way), there is a simple workaround - you can set up auto-logon and an immediate lockout of the session for your administrator account upon server reboot. At least you will not have to do this manually each time, but you should still consider the slight risks involved with auto-logons, before applying the solution.

  1. Open a CMD console (no elevation required) and type:

netplwiz

This may require admin rights.

Remove the tick from "Users must enter a username..." and click OK; this will ask for the specific account credentials to auto-logon on reboot.

  1. Once auto-logon is set, again in the console, type the below to set the auto-lock (replace administrator with your actual account):

reg add "hkcu\software\microsoft\windows\currentversion\run" /v "Anything you like as a name here" /t reg_sz /d "cmd /c "query session|find /i \"administrator\"&&rundll32 user32.dll,LockWorkStation"" /f

This way the server will logon the administrator account upon reboot and will almost immediately lock the session. Keep in mind that this will work even if the account is logged off and back on, but I doubt the service will be started twice. :) The only downside here would be if you accidentally log off the account - then you'll have to authenticate twice, as the first logon attempt will be locked out. ;) Well, you should also test the functionality precisely this way, before proceeding with actual reboot.

You can easily undo all of the above by placing back the tick in netplwiz and deleting the key:

reg delete "hkcu\software\microsoft\windows\currentversion\run" /v "The name you gave here" /f

You can also use SchTasks (Task Scheduler) to logon and lock the account - create a scheduled task "On logon" and use the below as an action:

cmd /c "query session|find /i "administrator"&&rundll32 user32.dll,LockWorkStation""

netplwiz will be needed again, as described.

Note the backslashes around the account name are not needed here, as they are for 'reg'.

Still, I'd go with the first option, as the startup task is less secure - it can be seen and modified by other power users (unless it is protected).

I hope this helps.

Related Topic