Monday, August 18, 2008

The secret is in the constructor...


Having used mutex-like code in numerous projects, I was quite surprised to see that when a process was launched as a system account, access to the mutex was limited to that security context. That makes perfect sense, but it seemed a bit "flaky": each process was asking for it by unique name, and it was solely for the purpose of synchronizing a critical resource. If a service application initialized the mutex, any other user-based application could NOT get access to the mutex (wtf?). I saw multiple examples about impersonation (DACL and ACL), granting access, etc. I took the path of least resistance. We check to see if the error code returned is NO_ACCESS, and if we are NOT concerned with preserving the context, we signal that we are only using it for synchronization. Since this particular project still lives in "classic" VB and, for reasons I can't even begin to justify, the .NET runtime is not present on the machine, spelunking to the framework objects was NOT an option. Hopefully this saves someone some time.
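One reading of the fallback described above, as an added classic VB example that is not the code from the original post: it assumes "NO_ACCESS" means Win32 `ERROR_ACCESS_DENIED` and that "only using it for synchronization" means reopening the mutex with the `SYNCHRONIZE` right alone. The function names `EnterNamedMutex` and `LeaveNamedMutex` are hypothetical.

```vb
' Added illustration (standard module); not the original post's code.
Option Explicit

Private Declare Function CreateMutex Lib "kernel32" Alias "CreateMutexA" _
    (ByVal lpMutexAttributes As Long, ByVal bInitialOwner As Long, _
     ByVal lpName As String) As Long
Private Declare Function OpenMutex Lib "kernel32" Alias "OpenMutexA" _
    (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, _
     ByVal lpName As String) As Long
Private Declare Function WaitForSingleObject Lib "kernel32" _
    (ByVal hHandle As Long, ByVal dwMilliseconds As Long) As Long
Private Declare Function ReleaseMutex Lib "kernel32" (ByVal hMutex As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

Private Const ERROR_ACCESS_DENIED As Long = 5  ' assumed meaning of "NO_ACCESS"
Private Const SYNCHRONIZE As Long = &H100000   ' right to wait on the object
Private Const WAIT_OBJECT_0 As Long = 0
Private Const WAIT_ABANDONED As Long = &H80

' Takes ownership of the named mutex. Returns its handle, or 0 on
' failure or timeout. sName is whatever name the service side used.
Public Function EnterNamedMutex(ByVal sName As String, ByVal lTimeoutMs As Long) As Long
    Dim h As Long, lErr As Long, rc As Long

    ' CreateMutex asks for full access, which the creator's security
    ' context may refuse to a caller running as a different account.
    h = CreateMutex(0, 0, sName)
    lErr = Err.LastDllError        ' read immediately after the API call
    If h = 0 And lErr = ERROR_ACCESS_DENIED Then
        ' Reopen with the least privilege needed: waiting and releasing.
        h = OpenMutex(SYNCHRONIZE, 0, sName)
    End If
    If h = 0 Then Exit Function

    rc = WaitForSingleObject(h, lTimeoutMs)
    If rc = WAIT_OBJECT_0 Or rc = WAIT_ABANDONED Then
        ' WAIT_ABANDONED: the previous owner exited without releasing,
        ' so the guarded resource may be in an inconsistent state.
        EnterNamedMutex = h
    Else
        CloseHandle h              ' timed out or failed; nothing is owned
    End If
End Function

' Releases ownership and closes the handle returned by EnterNamedMutex.
Public Sub LeaveNamedMutex(ByVal h As Long)
    If h <> 0 Then
        ReleaseMutex h
        CloseHandle h
    End If
End Sub
```

The fallback succeeds only if the mutex's DACL grants the calling account `SYNCHRONIZE`; if `OpenMutex` also returns 0, the creator has to set an explicit security descriptor.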
