Run Dropbox as service with unprivileged user account on windows
This HowTo describes how to run a Dropbox http://www.getdropbox.com as non privileged user on Microsoft(R) Windows(R).
In order to follow this HowTo you should already have a Dropbox account. It does not matter if you have a free account (~2GB of webspace) or a business account (up to 100GB of webspace). The techniques we use will be the same.
In order to fill the Dropbox we need a server running the Dropbox executable. This can be any supported platform that can run Dropbox and present the public folder of the Dropbox as file share. This HowTo uses a Windows File Server (Windows Server 2003) and the Dropbox utility for Windows.
Install the Dropbox executable as non administrative user
This documentation assumes that we have a Windows Server 2003.
Logon as local Administrator to the machine.
Create a local user dropboxer
net user dropboxer <password> /add
So we now have a local user:
Username: dropboxer Password: <password>
Prepare the local dropbox folder
Create an empty directory that should hold the Dropbox, in this example “F:\My DropBox”
mkdir "F:\My Dropbox
and allow the user “dropboxer” Full Access
cacls "F:\My Dropbox" /E /R "CREATOR OWNER" cacls "F:\My Dropbox" /E /T /G "dropboxer":F
Install the Dropbox binaries
Logon as user dropboxer to the machine or open a CMD.EXE as “dropboxer” with:
runas /profile /user:dropboxer cmd.exe color 9f
This will create the user profile for the local user “dropboxer” under
C:\Documents and Settings\dropboxer
We now start the Dropbox Setup Utility
You will see a window that asks for administrative credentials.
YOU MUST CLICK “CANCEL” HERE
DO NOT CHOOSE THE ADMINISTRATIVE ACCOUNT HERE
If you press cancel the following message will be presented:
Some features may be disabled if you install Dropbox without administrator rights. Continue?
We accept this with Yes .
The setup will start and we choose the following options
If you see the window “Connection Errors” then choose “Connection options” and setup your connection preferences eg.:
Then we see the dropbox account setup
- –> [x] I already have a Dropbox account
- –> Next
Email : <your email> Password : <your dropbox password> Compuer Name: <your computer>
Now you will see:
Welcome to Dropbox, <yourname>!
We press Skip tour and finish
Now you can setup the folder location for your Dropbox, we select:
- –> [x] I want to choose where to put my Dropbox folder
- –> Change
- –> Dropbox Folder Location: F:
Since we already created that folder we get the message:
"There is already a folder here called My Dropbox. Do you want to merge all the existing files in that folder into your Dropbox?"
We accept and finish:
- –> OK
- –> Finish
The Dropbox Tray Icon starts. KEEP IN MIND IT IS RUNNING AS USER “dropboxer”
We right click on the Dropbox Tray Icon and select Preferences/GENERAL and setup/disable/enable the following:
[ ] Show system tray notifications --> NOT SELECTED [ ] Start Dropbox on system startup --> NOT SELECTED
- –> APPlY
- –> OK
Make sure you disable both options!
Stop the Dropbox Tray Icon now by right clicking on it and selecting Exit. Since we changed the settings not to start the Dropbox automatically at user logon, the Dropbox tray icon should never automatically appear again.
Setup the Dropbox binary as a service
To create a service for the Dropbox binary, we need two utilities from Microsoft.
We copy them to the local installation folder of our Dropbox:
mkdir "C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin" copy "C:\_SWSetup_\DropBox\srvany\srvany.exe" "C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin" copy "C:\_SWSetup_\DropBox\srvany\instsrv.exe" "C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin"
Now we setup the service
cd /d "C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin" instsrv.exe DropBox "C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin\srvany.exe"
This might be also possible using the command sc on newer windows versions!
The commands should result in
The service was successfuly added! Make sure that you go into the Control Panel and use the Services applet to change the Account Name and Password that this newly installed service will use for its Security Context.
The service is now created in the registry and needs some fine tuning
Open regedit.exe and the following key:
- Create a new key Parameters
- Select Parameters –> Right Click –> String Value –> “Application”
- Double click Appliation and change its value to:
C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin\Dropbox.exe
The key we created will result in:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DropBox\Parameters] "Application"="C:\\Documents and Settings\\dropboxer\\Application Data\\Dropbox\\bin\\Dropbox.exe"
You can also enter a description for the service in the following key:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DropBox] "Description"="Runs a DropBox as a single user."
Now we open services.msc and configure the Dropbox service
- General –> Startup type: “Automatic”
- Log On –> This account –> .\dropboxer
- Password : <yourpassword>
- Confirm Pwd: <yourpassword>
- –> apply
This should result in the message:
"The account .\dropboxer has been granted the Log On As A Service right."
We accept this with OK.
On the recovery tab of the service we enter the following options:
- –> First failure : Restart the Service
- –> Second failure : Restart the Service
- –> Subsequent failures : Take No Action
- –> Reset fail count after 1 days
- –> Restart service after 1 minutes
- –> Apply –> OK
Now we can start the service. It should start without any problems! Use the taskmanager to find an instance of dropbox.exe running as dropboxer to verify the successfull start.
more fine tuning
Since I don't want that someone will ever start the Dropbox manually, I deleted all Shortcuts, Icons whatever that appeared in the startmenu or desktop to execute the dropbox executable. This server has only 2 accounts (Administrator for administrative tasks) and the dropbox user. So I had to make sure, that no Administrator accidentely starts the dropbox a second time. - I created a shortcut on the all users desktop (with the nice dropbox icon) that points to this batch-file I created:
@echo off CLS for /F "USEBACKQ" %%a IN (`tasklist /NH /FI "IMAGENAME eq dropbox.exe"`) DO ( IF /I "%%a"=="Dropbox.exe" ( color 4E ECHO You have to stop the DropBox Service before you are able to start ECHO the DropBox Tray Icon for administrative tasks ECHO. ECHO Make sure you restart the service afterwards! ECHO. ECHO If you have any questions ask the administrator! ECHO. PAUSE EXIT) ELSE ( "C:\WINDOWS\system32\runas.exe" /profile /savecred /user:dropboxer "C:\Documents and Settings\dropboxer\Application Data\Dropbox\bin\Dropbox.exe" ) )
Run it once as administrator to save the credentials. Now if you need to start Dropbox (for administrative tasks) and click on the Shortcut on the desktop you get an error message, when dropbox is running as a service in the background. If you stopped the service the shortcut starts the dropbox icon and you can do your administrative tasks.
I think this solution is also a good starting point if you want to run multiple dropboxes on one system. And of course you can create multiple accounts and multiple services for multiple dropboxes with this documentation.