web analytics
Understanding Windows Accounts: Local Service, Local System or Network Service Options
codeling
Posted: Thursday, May 4, 2017 1:41:17 PM

Rank:Advanced Member
Groups: Member
Joined: 12/11/2015
Posts: 919
Points: 3861

In earlier versions of Windows, most system services run under the powerful SYSTEM (aka Local System) account. Because most services don't need SYSTEM-level authority, Microsoft created the two new principals with less authority than SYSTEM and reconfigured many of the services on Windows 2003 and XP to run as either Local Service or Network Service.

  • Local System is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network. The actual name of the account is "NT AUTHORITY\SYSTEM".
  • The Local Service account is a built-in account that has the same level of access to resources and objects as members of the Users group. This limited access helps safeguard the system if individual services or processes are compromised. Services that run as the Local Service account access network resources as a null session without credentials. Be aware that the Local Service account is not supported for the SQL Server or SQL Server Agent services. The actual name of the account is "NT AUTHORITY\LOCAL SERVICE".
  • The Network Service account is a built-in account that has more access to resources and objects than members of the Users group. Services that run as the Network Service account access network resources by using the credentials of the computer account. The actual name of the account is "NT AUTHORITY\NETWORK SERVICE"
Sponsor
Posted: Thursday, May 4, 2017 1:41:17 PM
 
codeling
Posted: Thursday, May 4, 2017 1:42:20 PM

Rank:Advanced Member
Groups: Member
Joined: 12/11/2015
Posts: 919
Points: 3861

Most services do not need such a high privilege level. If your service does not need these privileges, and it is not an interactive service, consider using the LocalService account or the NetworkService account.

Users browsing this topic
Guest

Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.


© 2017 Digcode.com. All rights reserved.