Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Add Account attribute to ServiceInstall element in Windows Service installer documentation #49371

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
gewarren merged 3 commits into from
Dec 19, 2025
Merged

Add Account attribute to ServiceInstall element in Windows Service installer documentation #49371

gewarren merged 3 commits into from
Dec 19, 2025
+15 −9

Conversation

Copy link
Contributor

Copilot AI commented Oct 20, 2025
edited by github-actions bot
Loading

Summary

This PR updates the Windows Service installer documentation to include the Account attribute in the WiX ServiceInstall element, which is a security best practice that was previously missing from the example.

Changes

1. Added Account attribute to ServiceInstall

Updated both the article and sample code to include Account="LocalService" in the ServiceInstall element:

<ServiceInstall Id="ServiceInstaller"
                Type="ownProcess"
                Name="App.WindowsService"
                DisplayName="$(Name)"
                Description="A joke service that periodically logs nerdy humor."
                Start="auto"
                Account="LocalService"
                ErrorControl="normal" />

2. Fixed directory structure

Updated the directory structure to use StandardDirectory Id="ProgramFiles6432Folder" as requested in the original issue to eliminate compilation errors. This replaces the older StandardDirectory Id="ProgramFiles64Folder" approach with the correct WiX v4 syntax.

3. Added documentation

Added explanatory text about the Account attribute and its common values:

  • LocalService: A built-in account with reduced privileges and no network credentials (recommended for most services)
  • NetworkService: Similar to LocalService but has network credentials
  • LocalSystem: The highest privilege level (use with caution)

Why This Matters

The Account attribute is important for security best practices when creating Windows services. Without it, the service may run with higher privileges than necessary. LocalService is a safer default than LocalSystem as it operates with reduced privileges, following the principle of least privilege.

The directory structure change to ProgramFiles6432Folder ensures the installer compiles without errors in WiX v4.

Files Changed

  • docs/core/extensions/windows-service-with-installer.md - Updated article with Account attribute, corrected directory structure, and explanatory documentation
  • docs/core/extensions/snippets/workers/windows-service-setup/App.WindowsService.Setup/Package.wxs - Updated sample code to match
Original prompt

This section details on the original issue you should resolve

<issue_title>Service Install example is out of date.. should implement instead</issue_title>
<issue_description>All of this part

<Directory Id="TARGETDIR" Name="SourceDir">
            <Directory Id="ProgramFilesFolder">

                <!-- Create a folder inside program files -->
                <Directory Id="ROOTDIRECTORY" Name="$(var.Manufacturer)">

                    <!-- Create a folder within the parent folder given the name -->
                    <Directory Id="INSTALLFOLDER" Name="$(Name)" />
                </Directory>
            </Directory>
        </Directory>

Can be replaced with

		<StandardDirectory Id="ProgramFiles6432Folder">
					<!-- Create a folder within the parent folder given the name -->
					<Directory Id="INSTALLFOLDER" Name="$(Name)" />
		</StandardDirectory>

and visual studio wont display the compiling error

Document Details

Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

<agent_instructions>Please evaluate the issue description and update the article in question accordingly.</agent_instructions>

Comments on the Issue (you are @copilot in this section)

Fixes #37133

💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click here to start the survey.

Internal previews

📄 File 🔗 Preview link
docs/core/extensions/windows-service-with-installer.md docs/core/extensions/windows-service-with-installer

@dotnet-policy-service dotnet-policy-service bot added okr-freshness OKR: Freshness of content okr-quality Content-quality KR: Concerns article defects (bugs), freshness, or build warnings. labels Oct 20, 2025
Copilot AI changed the title [WIP] Update service install example to use StandardDirectory Add Account attribute to ServiceInstall element in Windows Service installer documentation Oct 20, 2025
Copilot AI requested a review from IEvangelist October 20, 2025 15:38
@IEvangelist IEvangelist marked this pull request as ready for review October 20, 2025 18:11
@IEvangelist IEvangelist requested a review from a team as a code owner October 20, 2025 18:11
Copilot AI review requested due to automatic review settings October 20, 2025 18:11
@IEvangelist IEvangelist enabled auto-merge (squash) October 20, 2025 18:11
Copilot AI reviewed Oct 20, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR updates the Windows Service installer documentation to follow security best practices by adding the Account attribute to the ServiceInstall element. The changes ensure the service runs with appropriate privileges rather than defaulting to potentially elevated permissions.

  • Added Account="LocalService" to the ServiceInstall element in both documentation and sample code
  • Reverted directory structure from StandardDirectory back to the traditional Directory structure with TARGETDIR and ProgramFilesFolder
  • Added explanatory documentation about the Account attribute and common account types

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
docs/core/extensions/windows-service-with-installer.md Added Account attribute to ServiceInstall element, reverted to Directory structure, and added documentation explaining account types
docs/core/extensions/snippets/workers/windows-service-setup/App.WindowsService.Setup/Package.wxs Added Account attribute to match the documentation example

BillWagner
BillWagner approved these changes Oct 21, 2025
View reviewed changes
Copy link
Member

@BillWagner BillWagner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is ready, pending resolution of the comments.

auto-merge was automatically disabled December 19, 2025 02:03

Head branch was pushed to by a user without write access

Copilot AI requested a review from gewarren December 19, 2025 02:04
@gewarren gewarren enabled auto-merge (squash) December 19, 2025 02:11
@gewarren gewarren merged commit 210a22d into main Dec 19, 2025
13 checks passed
@gewarren gewarren deleted the copilot/update-service-install-example branch December 19, 2025 02:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@BillWagner BillWagner BillWagner approved these changes

@gewarren gewarren Awaiting requested review from gewarren

+1 more reviewer

@IEvangelist IEvangelist IEvangelist approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@IEvangelist IEvangelist

Copilot code review Copilot

Labels

dotnet-fundamentals/svc okr-freshness OKR: Freshness of content okr-quality Content-quality KR: Concerns article defects (bugs), freshness, or build warnings.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Service Install example is out of date.. should implement <StandardDirectory> instead

4 participants

@BillWagner @IEvangelist @gewarren