I have a service on Windows 2003 Server that needs to access a WebDAV resource as a UNC path. The purpose of this service is to verify (and take corrective actions) WebDAV functionality to SharePoint. The idea is to write a file to SharePoint and verify its contents. If something goes wrong and the threshold is exceeded, the mrxdav and webclient services will be restarted.
I run the service under a service account that is local admin on the 2003 server and has access to the SharePoint “folder”. (I verified this by logging in with the service account and writing a file to the same folder.)
When the service tries to write a file to this folder it fails with ACCESS DENIED; Process Monitor shows that the service runs under LocalSystem and impersonates my service account.



I also tried to Impersonate the service account from my code using LogonUser and LogonUserEx (with the various options for logon interactive, network, network cleartext and providers) followed by ImpersonateUser but all result in the same ACCESS DENIED.
I presume this is something specific to a service using the WebClient service.
My code is written in Delphi but I’ve added the c tags as well to attract more readers since I don’t think my problem is Delphi related.
EDIT: Perhaps relevant, I am running a separate thread that actually accesses the WebDAV share.
EDIT: As a workaround I am creating a network connection with explicit credentials using the following code:
    function TGuardThread.Map(const Username: String; var Password: String;
      const Domain: String): Boolean;
    var
      nr: NETRESOURCE;
      dwRes: DWORD;
    begin
      try
        ZeroMemory(@nr, SizeOf(nr));
        nr.dwType := RESOURCETYPE_ANY;
        nr.lpRemoteName := PChar('\\mywebdavroot\myfolder');
        // Connect with explicit DOMAIN\user credentials instead of the service token
        dwRes := WNetAddConnection2(nr, PChar(Password),
          PChar(Format('%s\%s', [Domain, Username])), CONNECT_UPDATE_PROFILE);
        Result := dwRes = NO_ERROR;
      finally
        // Wipe the caller's password buffer whether or not the connection succeeded
        if Length(Password) > 0 then
          SecureZeroMemory(@Password[1], Length(Password) * SizeOf(Char));
      end;
    end;
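The workaround above, extended into the write-and-verify check the question describes, as an added example that is not the poster's code: it maps the share with explicit credentials, writes a probe file, reads it back, compares the contents and always cancels the connection afterwards. The unit name, `ProbeWebDav`, the `probe.txt` file name and the payload are assumptions made for illustration.

```delphi
unit WebDavProbe; // hypothetical unit name (added example)
interface
uses Windows, SysUtils, Classes;
function ProbeWebDav(const Share, Account: string; var Password: string): Boolean;
implementation
function ProbeWebDav(const Share, Account: string; var Password: string): Boolean;
const ProbeText: AnsiString = 'webdav-probe'; // constructed payload
var
  nr: NETRESOURCE;
  fs: TFileStream;
  ReadBack: AnsiString;
  ProbeFile: string;
begin
  Result := False;
  ZeroMemory(@nr, SizeOf(nr)); // dwType stays 0 = RESOURCETYPE_ANY
  nr.lpRemoteName := PChar(Share);
  try
    // dwFlags = 0: unlike CONNECT_UPDATE_PROFILE, the mapping is not remembered
    if WNetAddConnection2(nr, PChar(Password), PChar(Account), 0) <> NO_ERROR then
      Exit;
  finally
    if Length(Password) > 0 then // wipe the caller's copy, as the post does
      FillChar(Password[1], Length(Password) * SizeOf(Char), 0);
  end;
  ProbeFile := IncludeTrailingPathDelimiter(Share) + 'probe.txt'; // assumed name
  try
    try
      fs := TFileStream.Create(ProbeFile, fmCreate);
      try
        fs.WriteBuffer(ProbeText[1], Length(ProbeText));
      finally
        fs.Free;
      end;
      fs := TFileStream.Create(ProbeFile, fmOpenRead or fmShareDenyWrite);
      try
        SetLength(ReadBack, Integer(fs.Size));
        fs.ReadBuffer(Pointer(ReadBack)^, Length(ReadBack));
      finally
        fs.Free;
      end;
      Result := ReadBack = ProbeText;
      SysUtils.DeleteFile(ProbeFile);
    except
      on EStreamError do Result := False; // create, open, read or write failed
    end;
  finally
    WNetCancelConnection2(PChar(Share), 0, True); // release the credentialed mapping
  end;
end;
end.
```

Cancelling the connection in the `finally` block keeps the service account's credentials from staying attached to the LocalSystem logon session between checks.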
Workaround is to use an explicit connection with credentials to the WebDav server, like this: