1

I have a service running at local system account (NT AUTHORITY\SYSTEM). This service shall connect to local subversion repository. Is this possible?

I tried this

svn export --non-interactive http://localhost/svn/MyRepository TargetFolder

but it does not work. As far as I know I cannot set any password for "NT AUTHORITY\SYSTEM". I don't like to use my personal account and put my password there as clear text.

My SVN runs on VisualSVN-Server

Wernfried Domscheit
  • 38,841
  • 5
  • 50
  • 81
  • I'm not familiar with VisualSVN-Server, but in general, single sign-on authentication systems see connections from the local system account as connections from the computer's domain account, i.e., COMPUTERNAME$. It may be as simple as granting this account the appropriate access rights. – Harry Johnston Aug 08 '15 at 01:43
  • Of course, I granted access to svn repository for this user. But it does not work. I think I will simply create a local user on this machine and use that one. – Wernfried Domscheit Aug 08 '15 at 11:02
  • @HarryJohnston No, LOCAL account represents Anonymous account credentials on network. It's Network Service that represents COMPUTERNAME$ on the network. – bahrep Jan 08 '16 at 20:09
  • See http://serverfault.com/questions/135867/how-to-grant-network-access-to-localsystem-account – bahrep Jan 08 '16 at 20:11
  • @bahrep: the question and the accepted answer both say the same thing I did. The SYSTEM (aka LocalSystem) account has the same network access as NetworkService. Try it yourself! – Harry Johnston Jan 08 '16 at 21:53
  • @HarryJohnston TY, going to double-check this again. You should never use LocalSystem account for such tasks anyway. – bahrep Jan 08 '16 at 21:55

2 Answers2

0

You should never use SYSTEM account for such tasks for numerous security reasons. Create and use a dedicated local Windows or Active Directory account with limited permissions.

bahrep
  • 26,679
  • 12
  • 95
  • 136
-1

Setting up the cached authentication credentials for the System user requires running an svn.exe command as the System user. Windows Vista+/Server 2008+ doesn't make that easy.

  1. ​Install psexec from https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
  2. Start an elevated cmd.exe as Administrator.
  3. Run "psexec -i -s cmd.exe".
  4. A new cmd.exe should appear which is running as the System user.
  5. Type whoami. Verify the output reads something like "nt authority\system".
  6. Perform a subversion command like "svn --username your-svn-user list your-https-repo-url".​
  7. When prompted by svn.exe, enter the password for your-svn-user.
  8. ​The "svn auth" command allows you to examine the cached credentials.

Note if a new SSL certificate is installed on the Subversion server, you'll have to repeat this process.

For more responses on this topic: How do you run CMD.exe under the Local System Account?

buzz3791
  • 1,594
  • 2
  • 18
  • 35