Cygwin Wiki

Cygrunsrv wraps a cygwin executable as a Windows service, allowing you to start programs and daemons as services on boot.

Adding a program to the Windows services list[]

See here and here.

/bin/cygrunsrv.exe -I AutoSSH -p /bin/autossh -a "-M 20000 -g2CN -R 20120:localhost:3389 \
--user DOMAIN\Administrator -i /etc/key-rsa -p 20012 use...@" -e
-y tcpip --type auto

$ cygrunsrv -I service_name-p /usr/local/apache/bin/httpd.exe [-a arguments] \
[-e VAR=VALUE] [-t auto|manual] [-u user] [-w passwd]


Setting service ACLs[]

It may be necessary to set ACLs on your service to prevent other processes from messing with it. See here

Other Documentation[]

Look here:

$ less /usr/doc/Cygwin/cygrunsrv.README

cygrunsrv will not start services most of the time[]

See here.

Service User Accounts[]

Windows XP[]

Under Windows XP, you have a few options for running your program with cygrunsrv

Local System

The Local System account is an administrative account without logon privileges. This means that no one can get a desktop as this account.


NT AUTHORITY\NetworkService

The NetworkService account was introduced to limit the vulnerability of the local resources of the machine. It has similar powers as the Local System account in regards to network access, but

The other option is to create an account assigned to the administrators group.

For more about this, see here, and here.

Windows 2003 Server[]

Windows 2003 Server is very similar to Windows XP in that the Local System and NetworkService accounts are the workhorses of user impersonation for a service.

Windows 2008 Server[]

By default, the Local Service account is much more restricted in Server 2008, and cannot be used by just any service. This is a good thing because in the past, many services would use the Local Service account, so it was difficult to prove which service was doing what with the account.

Some new account types were introduced in Server 2008. They are the virtual account and the Managed Server Account. There are a few differences as illustrated here. The main difference is that the virtual account is for local services and the Managed Server Account is meant for running domain applications that need authentication on both the server and other domain hosts.

In the case of cygrunsrv, a virtual account serves us better.

Using a virtual account for your service[]

Accounts are created as soon as you enter NT SERVICE\<service name> into the Log On tab of the service. The name must match the actual service name and not the description. See here.