Installing application software which requires Administrator priviledge

Docker Desktop for Windows
1

We are building a Windows Docker container which installs an application software on top on it which requires Administrator access. But as per Docker requirement we can install application software which is either an runs as Local System or Network Service


Windows Active Directory (AD) domains natively support both password and certificate authentication. When you build your application or service on a Windows domain-joined host, it uses the identity of the host by default if run as Local System or Network Service. Otherwise, you may configure another AD account for authentication instead

Is there a way to install the application software with Administrator privilege?.
When we tried to install the application software we are getting the below error

"Windows service start failed Error: 1053 I am trying to start the service using localSystem account but it is giving error- The service did not start or respond in a timely manner. "

2

What software are you trying to install? Do you have a Dockerfile that can be used to reproduce the problem?

3

Installing Documentum product and our product was installed with Admin or root user

Below is the Dockerfile and problem can be reproducible.

FROM microsoft/windowsservercore

RUN NET USER sp_farm /add
RUN NET LOCALGROUP Administrators /add sp_farm

USER sp_farm
RUN whoami

COPY win64_postgres /bin/
RUN [ “C:\bin\serverSetup.exe”, “-f” , “C:\bin\win_temp.properties”]
COPY postgresql-9.4.11-2-windows-x64.exe /bin/
RUN [ “C:\bin\postgresql-9.4.11-2-windows-x64.exe” ,"–unattendedmodeui" , “minimal” , “–mode” , “unattended” , “–superpassword”, “password” , “–servicename” , “postgres” ,"–servicepassword", “password” , “–serverport” , “5432” ]
COPY psqlodbc_09_05_0400-x64/psqlodbc_x64.msi /bin/
RUN msiexec.exe /q /i C:\bin\psqlodbc_x64.msi
RUN C:\Windows\System32\odbcconf.exe /a {CONFIGSYSDSN “PostgreSQL Unicode(x64)” “DSN=cs73|SERVER=localhost|Username=postgres|Password=password|Database=postgres|Protocol=7.4-2|LFConversion=0|Port=5432”}

RUN del C:\Documentum\product\7.3\install\Server_Configuration_Program.exe
RUN del C:\Documentum\product\7.3\install\cfsConfigurationProgram.exe

COPY Server_Configuration_Program.exe C:\Documentum\product\7.3\install
COPY cfsConfigurationProgram.exe C:\Documentum\product\7.3\install
COPY win_config_docker.properties C:\Documentum\product\7.3\install

RUN C:\Documentum\product\7.3\install\Server_Configuration_Program.exe -f C:\Documentum\product\7.3\install\win_config_docker.properties

CMD [ “cmd” ]

4

Are you trying to do user -> service or service -> service authentication and authorization with Active Directory? If not, then that doc doesn’t apply.

Services can run as LocalSystem or Network Service no matter what. I think that the service is failing to start for other reasons, so I recommend looking closer at logs or putting a remote debugger in the container to attach to the service process and figure out why its hanging. From there you can debug the same way as if it’s on a VM.

Have you confirmed that Postgres starts and is running as a first step? I think it would be good to verify one service at a time.

5

Postgres has installed fine and were able to connect to the database. Our services doesn’t execute on LocalSystem or Network Service , it executes on the local User or the Install Owner username and the domain of the User. We haven’t tried putting a remote debugger but instead we wrote a program to create service and kick it off

SERVICE_STATUS_PROCESS status;
schService = CreateService(
schSCManager, // SCManager database
lpszServiceName, // name of service
lpszDisplayName, // service name to display
SERVICE_ALL_ACCESS, // desired access
SERVICE_WIN32_OWN_PROCESS, // service type
SERVICE_AUTO_START, // start type
SERVICE_ERROR_NORMAL, // error control type
lpszBinaryPathName, // service’s binary
NULL, // no load ordering group
NULL, // no tag identifier
NULL, // no dependencies, for real telnet there are dependencies lor
NULL, // LocalSystem account
NULL); // no password

   if (schService == NULL)
   {
          printf("CreateService() failed, error: %ld\n", GetLastError());
          return FALSE;
   }
   BOOL b = false;
   try 
   {	   
   b = StartService(schService, NULL,NULL);

}
catch (exception& e)
{
cout << “Exception occured:”<<e.what() << ‘\n’;
}

The above program throws 1053 error.

"Windows service start failed Error: 1053 I am trying to start the service using localSystem account but it is giving error- The service did not start or respond in a timely manner. "