Run Apache as Local User – Windows XP

Problem

You are creating an application that sends data or shall we say prints data to a shared printer over the network. On an regular setup, Apache runs as a service by the System User which does not have network access. When you tried to access network resources like shared printers, it does not allow you to add print job because of lack of privileges.

Solution

Run Apache as Local User

When you install Apache 2.2 in Windows XP, it will install as a service by default, using the System User account. The System User account has many privileges such as read/write access to files on all folders, however, it does not have network access.

You can actually find the steps here: http://httpd.apache.org/docs/2.2/platform/windows.html#winsvc

But to explain in on more simple terms, here we go:

1. Create an ordinary user account, ex: wwwuser. Make sure it is a member of Users group. Don’t make it a member of Administrator or any high privilege groups.

2. Add privilege Log on as a service and Act as part of the operating system by going to Control Panel -> Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment. Look for Log on as a service and Act as part of the operating system entries from the list, open it and add the newly created user into it, ex: wwwuser.

win-policies-apache

3. Grant Read and Execute (RX) to the whole Apache2.2 directory to this user, ex: wwwuser.

4. Grant Read, Write, Change and Execute (RWXD) to Apache log directory.

5. Stop apache: go to Control Panel -> Administrative Tools -> Services. Look for Apache and stop the service.

6. Right-click Apache on the list -> click Properties. Go to Logon tab, then configure the account for Apache to run. Be sure to enter the correct username and password.

win-services-apache

7. Start Apache. Be sure that you grant Read/Write/Change access to folders that your PHP application is using to write files such as Cache directory and the like.

Enjoy

This entry was posted in Apache and tagged , , , , , . Bookmark the permalink.

Related Posts

5 Responses to Run Apache as Local User – Windows XP

  1. Renato says:

    I tried do this but when i start the service it says “windows could not start the Apache…”

  2. lysender says:

    Hey, check your error logs.

  3. Ian says:

    Wow thank you. I tried the instructions at the apache website and I think they left out step 6. They also say to grant the user executable permissions on httpd.exe which I couldn’t find. It’s called apache2.exe I think. Also I completely missed that the users group already has x permissions on apache2.exe and added my user too. I was also using my regular user account and it may be more secure to do as you did and create a completely new www user for this.

    So glad I found this article.

  4. scott chu says:

    I follow these steps on my Windows 7 but when I run ‘sc start apache2.2’. It has errors as follows:
    SERVICE_NAME: apache2.2
    TYPE : 10 WIN32_OWN_PROCESS
    STATE : 2 START_PENDING
    (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0 (0x0)
    SERVICE_EXIT_CODE : 0 (0x0)
    CHECKPOINT : 0x2
    WAIT_HINT : 0x7530
    PID : 4336
    FLAGS :

  5. scott chu says:

    I find the solution. You have to assign the user as member of group ‘Administrators’.

Leave a Reply

Your email address will not be published. Required fields are marked *