NetworkService and LocalService accounts

Les

I have a situation where one of the helpdesk techs reset permissions on the
entire Docs&Settings folder on 10 PCs. (thus inheriting from the C: drive).

I have fixed all of the profiles and folders except the NetworkService and
LocalService profiles as I can't seem to find these accounts in the listing.

Does anyone know of a way to re-add these accounts short of re-imaging?
Are their SIDs consistent so if I go to a working machine and derive its SID
I can use that to add it to the others?

TIA,
Les Bowman
 
Wesley Vogel

\Documents and Settings\LocalService
and
\Documents and Settings\NetworkService
are Hidden folders.

So is
\Documents and Settings\Default User

HOW TO: Search For Hidden Or System Files In Windows XP
http://support.microsoft.com/kb/302347

To display Hidden files and folders...

Start | Settings | Control Panel | Folder Options | View tab
Check:
Display the contents of system folders
and
Show hidden files and folders
UNCheck:
Hide extensions for known file types
and
Hide protected operating system files (Recommended)
Click Apply | Click OK

When you uncheck: Hide protected operating system files,
you will get this message...

Warning
----------
You have chosen to display protected operating system files (files labeled
System and Hidden) in Windows Explorer. These files are required to start and
run Windows. Deleting or editing them can make your computer inoperable. Are
you sure you want to display these files?
----------

Click YES.

[[Hidden files and folders will appear dimmed to indicate they are not
typical items.]]


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

Les

I can see the folders for the two profiles but when I go to re-add the LOCAL
SERVICE [ls] or NETWORK SERVICE [ns] (WinXP caps them) accounts onto the
appropriate profile(s) they do not appear in the list, there is a NETWORK
local account but I am guessing that is not the same as NS.

The ACLs on the folder themselves got hosed when the tech clicked the
'reset permissions and propagate to subfolders' so EVERYONE got full control
access to every profile directory. Since I can't find the LS or NS
accounts in the drop down I can't make the ACL match an untouched machine
(Admin, System and LS or NS has FC on the folder).

I guess I need to know how big a deal it is, can I leave 'everyone' on the
folder and not worry about it? I'd rather set the ACLs back to the way they
were but I'd like not to have to reimage the machines because some tech went
mucking about.

Either way when I have time to get the SID(s) from an untouched box for the
accounts I'll try to use that to add the appropriate account to the folders
and report back on how it went.

Thanks,
Les

Wesley Vogel

Are their SIDs consistent so if I go to a working machine and derive its
SID I can use that to add it to the others?

Should be...

SID: S-1-5-19
Name: NT Authority
Description: Local Service

SID: S-1-5-20
Name: NT Authority
Description: Network Service

This key lists all of the SIDs.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

To tell which user has which SID, click on each SID, look at
ProfileImagePath, the Data has the user name at the end of the path. I.e.
%SystemDrive%\Documents and Settings\Wesley P. Vogel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19
%SystemDrive%\Documents and Settings\LocalService

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20
%SystemDrive%\Documents and Settings\NetworkService

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

Les

Ah much better info thank you, Wes. I didn't know about the regkey that had
the SIDs/profile path, I'll be filing that one away.

I did end up getting it but I went another way..
I used xcacls.vbs to query a 'clean' machine to get that the whole account
name was "nt authority\network service"

then used xcacls.vbs to replace the permissions on one of the machines:

xcacls.vbs "\\PC1\c$\documents and settings\networkservice" /P "NT Authority\Network Service":F
xcacls.vbs "\\PC1\c$\documents and settings\localservice" /P "NT Authority\Local Service":F

I then connected to the admin share and added back on the local admin and
system accounts, took ownership and reset perms on the folders.

Thank you again for the info Wes, I'll mix and match the rest to get
proficient.

Les Bowman
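
Added example (not part of the original thread and not either poster's code): the audit and repair discussed above, done by SID rather than by account name, so the account picker never has to list LOCAL SERVICE or NETWORK SERVICE. It reads the ProfileList key Wes points to and applies the ACL Les reports on an untouched machine. Assumes Windows PowerShell in an elevated session; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell (.NET Framework)
# in an elevated session; all function names here are hypothetical.
$ProfileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$SidType     = [System.Security.Principal.SecurityIdentifier]
$Full        = [System.Security.AccessControl.FileSystemRights]::FullControl

function Get-ServiceProfileAcl {
    # S-1-5-19 = Local Service, S-1-5-20 = Network Service on every machine.
    foreach ($sidText in 'S-1-5-19', 'S-1-5-20') {
        $raw  = (Get-ItemProperty "$ProfileList\$sidText").ProfileImagePath
        $path = [Environment]::ExpandEnvironmentVariables($raw)
        # -Force because the profile folders are hidden.
        $acl  = (Get-Item -LiteralPath $path -Force).GetAccessControl('Access')
        # Read ACEs as SIDs so no name lookup or localized name is involved.
        $full = @($acl.GetAccessRules($true, $true, $SidType) | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $Full) -eq $Full
        } | ForEach-Object { $_.IdentityReference.Value })
        $sid  = [System.Security.Principal.SecurityIdentifier]$sidText
        New-Object PSObject -Property @{
            Sid          = $sidText
            Account      = $sid.Translate([System.Security.Principal.NTAccount]).Value
            Path         = $path
            EveryoneFull = $full -contains 'S-1-1-0'     # Everyone
            ServiceFull  = $full -contains $sidText
        }
    }
}

function Reset-ServiceProfileAcl([string]$Path, [string]$ServiceSid) {
    $dir = Get-Item -LiteralPath $Path -Force
    $acl = $dir.GetAccessControl('Access')
    # Stop inheriting from C:\ and drop the inherited ACEs.
    $acl.SetAccessRuleProtection($true, $false)
    # Remove whatever explicit ACEs remain, Everyone included.
    @($acl.GetAccessRules($true, $false, $SidType)) |
        ForEach-Object { $acl.RemoveAccessRuleSpecific($_) }
    # Administrators, SYSTEM and the service account get Full Control,
    # the ACL the thread reports on an untouched machine.
    foreach ($s in 'S-1-5-32-544', 'S-1-5-18', $ServiceSid) {
        $aceArgs = ([System.Security.Principal.SecurityIdentifier]$s), $Full,
                   'ContainerInherit, ObjectInherit', 'None', 'Allow'
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $aceArgs
        $acl.AddAccessRule($ace)
    }
    $dir.SetAccessControl($acl)
}

Get-ServiceProfileAcl | Format-Table Sid, Account, EveryoneFull, ServiceFull, Path -AutoSize
# To repair a folder that fails the audit:
# Get-ServiceProfileAcl | Where-Object { $_.EveryoneFull } |
#     ForEach-Object { Reset-ServiceProfileAcl $_.Path $_.Sid }
```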

Wesley Vogel

Glad you got it worked out, Les. :)

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User
