The Core Technologies Blog

Professional Software for Windows Services / 24×7 Operation

Q&A: Where does AlwaysUp store the Password for my Windows Account?

Q&A: Where does AlwaysUp store the Password for my Windows Account?
  I was looking to use AlwaysUp to run Excel as a service, and it looks like you can specify an account. How is the password stored when specifying an account? I want to make sure it’s stored securely.

— Ben

Good question Ben!

You are right to be concerned about security, especially with deadly ransomware attacks on the rise.

Rest assured that AlwaysUp manages your Windows securely. Here are some of the measures in place to protect your valuable credentials.

AlwaysUp hides your Windows password on the Logon tab

As a first line of defense, the field that captures your Windows password “masks” the characters, showing asterisks (“*”) instead of the characters you type:

AlwaysUp obfuscates your Windows password

By doing so, AlwaysUp does not reveal your password to casual onlookers.

Windows stores your password — not AlwaysUp

Next, and more importantly, AlwaysUp never keeps, tracks or transmits your Windows password after it creates (or updates) a service.

Instead, AlwaysUp hands your password to the Windows Services layer (via the CreateService or ChangeServiceConfig API functions), which stores the password securely. In that way, your password is handled just as safely as it is with the trusted operating system tools, like the Services application.

Specifically, the Service Control Manager — which launches and initializes services — stores the password with LsaStorePrivateData. And when it’s ready to start a service, the SCM calls LsaRetrievePrivateData to retrieve the service’s password. After the initial creation, AlwaysUp is simply not involved.

AlwaysUp doesn’t include your password when you export

As another important security measure, AlwaysUp does not (actually, cannot) include your Windows password when you export your application to an XML file. Instead, you will see ENTER A PASSWORD in the password field:

AlwaysUp doesn't export your Windows password

Because AlwaysUp saves a placeholder instead of your password, you will have to re-enter your password when you import the XML file. However our team thought that was a small inconvenience to avoid leaking a sensitive password.

A note on Excel as a service

Please be sure to follow our tutorial showing how to run Excel 2013 with AlwaysUp. Please heed the comment about automation at the top of the page. Unfortunately, not all Excel functions operate properly in the context of a background Windows Service.

Best of luck with Excel!

Posted in AlwaysUp | Tagged , , , | Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *