Req'd permissions for SSL server running as a service?

Req'd permissions for SSL server running as a service?

Post by Mike Morri » Tue, 02 Dec 2003 16:32:19

I'm using Mercury/32 as my in house mail server (an excellent product,
btw... ). I'm running both POP3 and IMAP servers,
and just added SSL support for those protocols.

Everything works fine when it is running as an app, but when run as a
service, I cannot connect with SSL (I can still connect fine with an
unencrypted connection).

I think this has to be a permissions problem, because connecting with
SSL in app mode means the firewall, the server itself, the client, etc.
are all configured correctly.

I immediately switched the service to run as Administrator, with the
same result. The log file shows that SSL negotiation fails, only when
running as a service.

This machine is our only in house server, which means it's also a domain
controller, and I'm in over my head as far as "Local" vs. "Domain" vs.
"Domain Controller" Policies go.

Specific questions:
1) Is there an account with more rights than Administrator - i.e., a
Domain Admin, etc...?

2) Am I even right that this is a permissions issue? Could the
Administrator account be mis-configured to not have sufficient rights?

3) Is it possible for the Mercury/32 process to have different rights
when when run logged in interactively as Admin, and when run as a
service as Admin?

I've confirmed that Admin has Full Control NTFS permissions of the
software tree for the executable & dlls, and the mail folders; the
application uses no registry settings.

Thanks in advance for any help,


1. SSL Server authentication, SSL client authentication, SSL connection and SSL session

2. Minimum NTFS Permissions required for SQL Server Reporting Services to run

I posted elsewhere my troubles in installing SQL Server Reporting services
on my development server. This server is locked down in (almost) the exact
same way as our production server in order to prove the ability of
applications to run and to protect our software under development.

I used two documents from Microsoft to set the NTFS Permissions:

Minimum NTFS Permissions Required for IIS 5.0 To work: ;en-us;Q271071

and Aspnet_wp.exe Could Not Be Started Error Message When You View an
ASP.Net Page: %3Ben-us%3B811320

I was not able to install SQL Server Reporting Services when the NTFS
permissions were set as documented. I was forced to make the ASPNet user an
administrator to install, this proves that the issue is permission related.

I have not been able to find a document outlining the permissions needed for
SQL Server Reporting Services. Is anyone aware of one? Our servers must be
as secure as is reasonably possible so I need this information.

Thank you.

3. Elevating permissions for Web service running on IIS6/Windows Server 2003

4. Probem on running two service instances of COM server with different service name on 2003 server

5. SSL test server response but SSL production server stays silent - why?

6. How could I ask Thread B to call B().Method() from inside Thread A's run?

7. How could I ask Thread B to call B().Method() from inside Thread A's run?

8. start then 'run as'-dialogue

9. start 'run as'-dialogue

10. aspnet users permission under SSL on windows server 2003

11. Windows Service must run as local user to access port 443 (ssl) data?

12. pgsql-server: #ifdef out file permissions check on SSL key file when on

13. [tao-users] Using SSL on secure application with no-SSL on notify service

14. aspnet users permission under SSL on windows server 2003

15. cloud of AS's