run mezzmo server as



adeenreds
05-22-2016, 03:15 AM
Hey, I was wondering what these new settings are for Windows service and console application.

Cheers

Paul
05-22-2016, 11:29 AM
Before Mezzmo v5.0, Mezzmo server always ran as a Windows service on your computer. This works great - but quite a few users had problems when they tried to access and stream media files from their NAS drives on their home network. The problem is related to access permissions issues where Mezzmo server running as a Windows service under (by default) the Windows Local System account could not access your files and folders on your NAS. This can be fixed with some configuration changes of your Windows service and/or NAS permissions (see FAQ - http://forum.conceiva.com/showthread.php/4597-FAQ-Accessing-files-from-external-computers-and-NAS-drives-on-your-home-network).

For Mezzmo v5.0+, we've introduced a new method of running your Mezzmo server - i.e. as a console application that runs under the Windows account that you are currently logged into. This fixes any of these access permission issues that NAS owners often complain about.

In general, we now recommend using the console application method as the simple, trouble-free method.

ftanner
05-24-2016, 10:20 AM
Before Mezzmo v5.0, Mezzmo server always ran as a Windows service on your computer. This works great - but quite a few users had problems when they tried to access and stream media files from their NAS drives on their home network. The problem is related to access permissions issues where Mezzmo server running as a Windows service under (by default) the Windows Local System account could not access your files and folders on your NAS. This can be fixed with some configuration changes of your Windows service and/or NAS permissions (see FAQ - http://forum.conceiva.com/showthread.php/4597-FAQ-Accessing-files-from-external-computers-and-NAS-drives-on-your-home-network).

For Mezzmo v5.0+, we've introduced a new method of running your Mezzmo server - i.e. as a console application that runs under the Windows account that you are currently logged into. This fixes any of these access permission issues that NAS owners often complain about.

In general, we now recommend using the console application method as the simple, trouble-free method.

The problem with this is that you must be logged into the workstation in order to run a "console app". That defeats the whole purpose of having a dedicated device for it that you don't want to always be logged into. In addition, this introduces various security concerns.

I would highly recommend working on getting the service method working correctly. Third party services should NEVER run in the Local System context unless absolutely necessary (such as system management) as this introduces various security vulnerabilities. The service should be running under a named user context and all application functionality should run under this context. In another thread, there is an issue utilizing the web interface when running under a named user context. This is ESPECIALLY important when you consider that people are allowing access to Mezzmo from the Internet via the web interface. You *ALWAYS* want to run services under the LEAST privileged security context that you can get away with for application and device security reasons.

jbinkley60
05-24-2016, 11:25 AM
You can use the Windows Task Manager and create a task to run the application which starts with the computer startup. Then you can assign an account to the task and set it to run even when a user isn't logged on. It will prompt you for the account credentials and will run the task with those credentials.

ftanner
05-25-2016, 09:09 AM
You can use the Windows Task Manager and create a task to run the application which starts with the computer startup. Then you can assign an account to the task and set it to run even when a user isn't logged on. It will prompt you for the account credentials and will run the task with those credentials.

Again, that introduces security issues that need not be there. In addition, there are certain settings that you will need to change in the Local Security Policy in order to get that to function correctly. For instance, you will have to grant "Log On as a Service" rights to the account first. In addition, you may also have to make additional Local Security Policy changes in order to get it to run correctly.

Running it as a console app is sub-par and there is a reason why the vast majority of software companies don't do that.

ftanner
05-25-2016, 09:20 AM
Just as a further thought...

This app is now designed for people to allow access to from the Internet, which brings its own inherent set of complications and security issues. Especially if this application is run on a home network of some sort.

With that in mind, this needs to be done right, running as a service under a least privileged access user account, not kludged together to run as a Local System account or as a console application.

It's all fun and games until your home network gets owned because of poor security practices.

Paul
05-25-2016, 09:58 AM
Thanks for all your thoughts. With Mezzmo v5.0, users have the freedom to set up how they want their Mezzmo server to run - i.e. as a Windows service or console application, and running under whatever Windows account with whatever restrictions.

For example, instead of using the default Windows Local System account for the Windows service, users can create a specific Windows account with privileges restricted for security reasons (as ftanner points out) & with access to their media folders/files, and then use that for their Mezzmo (Windows) app and Mezzmo server Windows service.

ftanner
05-25-2016, 12:54 PM
Thanks for all your thoughts. With Mezzmo v5.0, users have the freedom to set up how they want their Mezzmo server to run - i.e. as a Windows service or console application, and running under whatever Windows account with whatever restrictions.

For example, instead of using the default Windows Local System account for the Windows service, users can create a specific Windows account with privileges restricted for security reasons (as ftanner points out) & with access to their media folders/files, and then use that for their Mezzmo (Windows) app and Mezzmo server Windows service.

If I recall correctly, someone in another thread pointed out that if you run it as a service, under a dedicated service account, that the web interface does not work correctly. I believe that it is the same thread as the NAS issues, but I could be incorrect on that.

Paul
05-25-2016, 05:06 PM
If I recall correctly, someone in another thread pointed out that if you run it as a service, under a dedicated service account, that the web interface does not work correctly. I believe that it is the same thread as the NAS issues, but I could be incorrect on that.

All will work correctly if the Windows user account is used by both Mezzmo (Windows) app and Mezzmo server (running as a Windows service). The Windows user account must have access to your drives/folders containing your media files. After that, you can set the security access rights as you wish to keep your machine as secure as possible.

ftanner
05-26-2016, 02:33 PM
All will work correctly if the Windows user account is used by both Mezzmo (Windows) app and Mezzmo server (running as a Windows service). The Windows user account must have access to your drives/folders containing your media files. After that, you can set the security access rights as you wish to keep your machine as secure as possible.

Ok. I just tested that. You're correct. They must be doing something incorrectly.


Thank you for the clarification.

Paul
05-26-2016, 03:03 PM
Glad it's working correctly - i.e. Mezzmo users can use their Mezzmo server to stream their files outside their home network whilst still being able to secure their PC from external exploits/hackers.
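
The check this thread points toward, as an added example that is not part of the original posts or of Mezzmo itself: list services installed outside the Windows directory and flag any that run as Local System or as a local administrator. It assumes PowerShell 5.1 or later, and the "outside %SystemRoot%" test for third-party services is a heuristic chosen for this example.

```powershell
# Added example: classify the account each third-party service runs as.
# Limitation: administrator rights inherited through nested groups are not resolved.

function Get-ThirdPartyServiceAccount {
    # Local Administrators group by well-known SID, so this works on any locale.
    $admins = (Get-LocalGroupMember -SID 'S-1-5-32-544').Name

    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        # PathName may be quoted and carry arguments; strip the leading quote.
        $exe = "$($_.PathName)".TrimStart('"')

        # Heuristic (assumption): binaries under %SystemRoot% belong to Windows.
        if (-not $exe -or
            $exe.StartsWith($env:SystemRoot, [StringComparison]::OrdinalIgnoreCase)) {
            return   # skip this service, continue with the next one
        }

        # Services store local accounts as ".\name"; expand for comparison.
        $account = "$($_.StartName)" -replace '^\.\\', "${env:COMPUTERNAME}\"

        $risk = switch -Regex ($account) {
            '^$'                                            { 'Unknown: account not readable' }
            '^(LocalSystem|NT AUTHORITY\\SYSTEM)$'          { 'HIGH: full SYSTEM privileges' }
            '^NT AUTHORITY\\(LocalService|NetworkService)$' { 'Low: built-in restricted account' }
            default {
                if ($admins -contains $account) { 'HIGH: member of local Administrators' }
                else { 'OK: not SYSTEM, not a local administrator' }
            }
        }

        [pscustomobject]@{
            Service = $_.Name
            State   = $_.State
            RunsAs  = $account
            Risk    = $risk
        }
    }
}

Get-ThirdPartyServiceAccount | Sort-Object Risk | Format-Table -AutoSize
```

Any row marked HIGH for a service that is reachable from the Internet is a candidate for moving to a dedicated account that has access only to the folders it needs.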