Archive: Cannot create new user on Windows Server 2008


Cannot create new user on Windows Server 2008
In last two days I'm trying to resolve one problem with creating new user account. In my install program I distribute PostgreSQL in ZIP version (no installer). Install program is trying to create new user account which is needed for running service (PostgreSQL cannot be run under actual user). I'm using UserMgr plugin.

My steps are simple:
* create new user
* give him "SeServiceLogonRight" right

UserMgr::CreateAccountEx "login" "password" "aaaa" "aa" "aaa" "UF_PASSWD_CANT_CHANGE|UF_DONT_EXPIRE_PASSWD"
UserMgr::AddPrivilege "login" "SeServiceLogonRight"

I need user account where password doesn't expire. Lines above work fine on my Windows XP and Windows Vista with UAC but I have a problem on Windows Server 2008 and with one customer which is in Windows domain.

On Windows Server 2008 I have administrator rights but when I try to create new user account in install program I get "Error 2254". When I try create new standard user via command line I get error "access denied".

"C:\temp>net user [user] [password] /Add
System error 5 has occurred.

Access is denied."

But when I try add new user via GUI in Windows Server 2008, all works fine. If I try install PostgreSQL via official installer (which create new system user too), all works fine and new user is created. So there is some way how to create new user but I don't know how.

Second problem with creating new user is in our customer which is in Windows domain and have a similar problem. I'm not sure if there is a possibility to create new user because what I know at this moment, his account is limited.

My questions are
-----------------
* how can I create new user account for running service under this new user on systems where I cannot create new account via lines above?
* if actual user doesn't have enough rights to create new user. How can I detect it?

Thanks for your answers.


I did some more tests. I have created small utility which add new user via WinAPI call (function NetUserAdd, using for example here: http://nsis.sourceforge.net/User_Man...ls#Create_User). When I run this utility on command line, user hasn't added successfully. When I run cmd.exe like administrator (context menu, option: "Run as administrator") all works correctly. I have this problem on Windows Server 2008 only, on Windows Vista with UAC all works fine. Any ideas?