This section describes how to manually install and configure an Ice service using the IcePatch2 service as a case study. For the purposes of this discussion, we assume that Ice is installed in the directory
C:\Ice. We also assume that you have administrative access to your system, which is required by many of the installation steps discussed in this section.
The service needs a directory in which to store the files that it distributes to clients. A common mistake is assuming that a service will be able to access a file or directory that you created using your current account, which is likely to cause the service to fail in a way that is difficult to diagnose. To prevent such failures, we will ensure that the directory has the necessary permissions for the service to access it while running in the
Local Service account.
C:\Windows\ ServiceProfiles\
LocalService\
AppData\
Local\
ZeroC\
icepatch2\
data\
Since Local Service is a built-in account, its user directory should already exist and have the proper access rights.
1 If the directory does not exist, we can create it in a command window with the following steps:
At this point we could create the rest of the directory hierarchy. However, a newly-created directory inherits the privileges of its enclosing directory, and we have not yet modified the privileges of the
LocalService directory to grant access to the
Local Service account. At present, the privileges of the
LocalService directory are inherited from
Documents and Settings and require modification. In general, it is better to establish the necessary access rights on the parent directory prior to creating any subdirectories, so we will modify the
LocalService directory first.
By omitting the /E option to
cacls, we have replaced all of the prior access rights on the directory with the rights given in this command. As a result, the
Local Service account and anyone in the Administrators group are granted full access to the directory, while all others are forbidden. (We grant full access to the Administrators group because presumably someone other than the
Local Service account will need to manage the subdirectory, create the configuration file, an so on). You can verify the directory's current privilege settings by running
cacls without options:
cd LocalServicemkdir "Local Settings\Application Data\ZeroC\icepatch2\data"
If you want to further restrict access to files or subdirectories, you can modify them as necessary using the
cacls utility. Note however that certain actions may cause a file to revert back to the access rights of its enclosing directory. For example, modifying a file using a text editor is often the equivalent of erasing the file and recreating it, which discards any access rights you may have previously set for the file.
On some versions of Windows XP, and on Windows Server 2003 and Windows Vista, you can manage privilege settings interactively using Windows Explorer. For example, right click on the
LocalService directory, select Properties, and select the Security tab. Next select Advanced and Edit, uncheck “Include inheritable permissions from this object’s parent,” and select Copy. Remove all permission entries, then add entries for Local Service and the Administrators group and grant Full Control to each.
Now you can copy the files that will be distributed to clients into the data subdirectory. The new files should inherit the access rights of their enclosing directory. For the sake of discussion, let us copy some Slice files from the Ice distribution into the data directory:
Next we need to run icepatch2calc to prepare the directory for use by the IcePatch2 service:
IcePatch2 requires a minimal set of configuration properties. We could specify them on the service’s command line, but if we later want to modify those properties we would have to reinstall the service. Defining the properties in a file simplifies the task of modifying the service’s configuration.
The IcePatch2.Directory property specifies the location of the server’s data directory, which we created in the previous section.
We must also ensure that the service has permission to access its configuration file. The Ice run time never modifies a configuration file, therefore read access is sufficient. The configuration file likely already has the necessary access rights, which we can verify using the
cacls utility that we described in the previous section:
We will use Microsoft’s Service Control (sc) utility
2 in a command window to create the service. Our first
sc command does the majority of the work (the command is formatted for readability but must be typed on a single line):
sc create icepatch2 binPath= "C:\Ice\bin\icepatch2server.exe
--Ice.Config=C:\Ice\config\icepatch2.cfg --service icepatch2"
DisplayName= "IcePatch2 Server" start= auto
obj= "NT Authority\LocalService" password= ""
•
The service name is icepatch2. You can use whatever name you like, as long as it does not conflict with an existing service. Note however that this name is used in other contexts, such as in the
--service option discussed below, therefore you must use it consistently.
•
The binPath= option is required. We supply the full path name of the IcePatch2 server executable, as well as command-line arguments that define the location of the configuration file and the name of the service, all enclosed in quotes.
•
The DisplayName= option sets a friendly name for the service.
•
The start= option configures the start up behavior for the service. We used the argument
auto to indicate the service should be started automatically when Windows boots.
•
The obj= option selects the user account in which this service runs. As explained on
page 2004, the
Local Service account is appropriate for most services.
•
The password= option supplies the password associated with the user account indicated by
obj=. The
Local Service account has an empty password.
The sc utility should report success if it was able to create the service as specified. You can verify that the new service was created with this command:
If you start the control panel, you will notice that the entry for IcePatch2 does not have a description. To add a description for the service, use the following command:
By default, programs such as the IcePatch2 service that utilize the Service class (see
Section 8.3.2) log messages to the
Application event log. Below we describe how to prepare the Windows registry for the service’s default behavior, and we also show how to use a custom event log instead. We make use of Microsoft’s Registry (
reg) utility to modify the registry, although you could also use the interactive
regedit tool. As always, caution is recommended whenever you modify the registry.
We must configure an event log source for events to display properly. The first step is to create a registry key with the name of the source. Since the
Service class uses the service name as the source name by default, we add the key
icepatch2 as shown below:
The value 7 corresponds to the combination of the following event types:
Using the configuration described in the previous section, events logged by the IcePatch2 service are recorded in the event log using the source name
icepatch2. If you prefer to use a source name that differs from the service name, you can replace
icepatch2 in the registry commands with the name of your choosing, but you must also add a matching definition for the property
Ice.EventLog.Source to the service’s configuration file.
For example, to use the source name Ice File Patching Service, you would add the registry key as shown below:
The commands to add the EventMessageFile and
TypesSupported values must be modified in a similar fashion. Finally, add the following configuration property to
icepatch2.cfg:
You may decide that you want your services to record messages into an application-specific log instead of the
Application log that is shared by other unrelated services. As an example, let us create a log named
MyApp:
Now we can define values for EventMessageFile and
TypesSupported:
Finally, we define Ice.EventLog.Source in the IcePatch2 service’s configuration file:
The first time a service logs an event, Windows’ Event Log service caches the registry entries associated with the service’s source. If you wish to modify a service’s event log configuration, such as changing the service to use a custom log instead of the
Application log, you should perform the following steps:
After following these steps, open a log entry and ensure that it displays properly. If it does not, for example if the event properties indicate that the description of an event cannot be found, the problem is likely due to a misconfigured event source. Verify that the value of
EventMessageFile refers to the correct location of the Ice run time DLL, and that the service is defining
Ice.EventLog.Source in its configuration file (if necessary).
The program usually responds with status information indicating that the start request is pending. You can query the service’s status to verify that it started successfully:
The service should now be in the running state. If it is not in this state, open the Event Viewer control panel and inspect the relevant log for more information that should help you to locate the problem. Even if the service started successfully, you may still want to use the Event Viewer to confirm that the service is using the log you expected.
Ice includes a graphical IcePatch2 client in the demo/IcePatch2/MFC directory of the Ice distribution. Once you have built the client, you can use it to test that the service is working properly.