Settings Tab
Previous Topic  Next Topic 


The Settings Tab defines a myriad of service options. The tab has three sections: General, Logon and Process.



General Section


Field

Purpose

Interact with Desktop

When checked, this allows the service to interact with the desktop of the currently logged in user. Remember that services run in a different security context so their visibility is not always assured especially when used in conjunction with Remote Desktop - you may have to connect to the Shadow Console. A service may run under an account other than the LocalSystem account, with the Interact with Desktop option enabled. The application will only be visible if the logon account is a member of the local or domain Administrators group. Session 0 Isolation in Vista, 2008 or later may further affect application visibility.

Show Window

Choose the display mode of the Interactive Service: Normal, Hidden (silently causes the Interact with Desktop field to have no effect), Minimized and Maximized. Some applications may not respond to this setting.

Ignore Control Flags

FireDaemon Pro can be controlled via writing directly to the registry. FireDaemon Pro will stop any process it is running if the Control registry key is set. It can be set globally or on a per-service basis. FireDaemon Pro will monitor the control flags as follows (remember the relationship is inverse so if no control flags are ignored then both will be monitored):


None

Both service level and global level

Service

Global level only

Global

Service level only

Both

None


The registry keys that can be modified are as follows:


Global Level (32-bit FireDaemon Pro on x86 hardware or 64-bit FireDaemon Pro on x64 hardware):


HKLM\Software\

       FireDaemon Technologies\FireDaemon\Control

               DWORD 0 or 1


Global Level (32-bit FireDaemon Pro on x64 hardware):


HKLM\Software\Wow6432Node\

       FireDaemon Technologies\FireDaemon\Control

               DWORD 0 or 1


Service Level (both x86 and x64):


HKLM\SYSTEM\

       CurrentControlSet\Services\<Service>\Parameters

               \Control

                       DWORD 0 or 1


0 = Process running 1 = Process will stop

Job Type

Determines whether the sub-process is to be placed in a Job Group. By placing the sub-process in either a Local or Global group, any child processes spawned by the sub-process will be terminated when the service is stopped. Further, the Process Priority is propagated to all processes in the Job. The actual scope of the Job Type is only relevant when the Windows Terminal Services server component is installed. A Terminal Services server has multiple namespaces for a variety of named kernel objects including job objects. By default, all services are created in Global scope. Local Jobs exist in the current client session namespace only so as to not interfere with other instances of the same application in other sessions. Generally, choose No Job if your service runs a single application instance. Choose Global Job if your service spawns multiple sub-processes or you have Windows Terminal Services running. Local Job scope is of dubious use and has been only included for the sake of completeness.

Load Order Group

Places the service in a Load Order Group with other services so that other services can be dependant on it. The naming conventions relating to Short Name apply here.


Logon Section


Field

Purpose

Logon Account

The name of the Windows user account that will own the sub-process when it is run. This can either be a local or domain account. The account will be automatically granted Logon As A Service rights. Local accounts take the form .\account. Domain accounts take the form DOMAIN\account (legacy NetBIOS parlance) , domain.com\account (Active Directory parlance) or domain.com\account$ (Managed Service Account - 2008 R2 or later only). If this is left blank the service will run as the LocalSystem user. A service may run as a user other than LocalSystem and interact with the desktop providing it is a member of domain or local Administrators group.


Note: Where an account other than LocalSystem is used to run the service, FireDaemon Pro automatically grants that account certain security privileges, namely SeServiceLogonRight, and SeTcbPrivilege. If the application is configured to interact with the desktop, a further four privileges are also granted, these being SeCreateTokenPrivilege, SeAssignPrimaryTokenPrivilege, SeIncreaseQuotaPrivilege, and SeDebugPrivilege.

Password

Password for the local or domain users account. If the user's password is changed locally or on the Domain Controller, then you will need to modify this field and reinstall the service to reflect the change otherwise the service will fail to start due to incorrect authorisation credentials. No password is required for Managed Service Accounts.

Confirm Password

Used to verify that the password entered in the field above is correct. If the passwords dont match, the service will not install.


Process Section


Field

Purpose

Priority

The scheduling priority of the sub-process, its threads and all child processes. The use of Real Time priority should be avoided as it actually pre-empts the kernel scheduler.

CPU Bindings

Allows the sub-process to be bound to specific cores on multi-CPU, multi-core machines. You can directly enter the Affinity Mask as a binary, decimal or hexadecimal value. The base is specified in the Service Manager Options. If no CPUs are checked or all are checked then the sub-process can potentially run on any CPU and the CPU actually in use will be decided by the Windows scheduler from one moment to the next.

Pre-Launch Delay

The number of milliseconds after the FireDaemon Pro service has entered the running state before the sub-process is launched.