What is a SYSTEM or NETWORK SERVICE account?

Jason Freeman

I was looking under the Task Scheduler, and some tasks are set to run using
one of the following accounts:

1.) SYSTEM
2.) NETWORK SERVICE
3.) Authenticated Users
4.) LOCAL SERVICE
5.) Users

What are these accounts? Is it possible to login as them? Why do they
exist and what purpose do they serve?

Jason
 
Jimmy Brush

Jason said:
I was looking under the Task Scheduler, and some tasks are set to run
using one of the following accounts:
[...]

What are these accounts? [...] Why do they exist and what purpose do they serve?

These are built-in accounts or account groups.

The built-in accounts are the system accounts that "your computer is
logged in as". There are multiple accounts in order to artificially
limit what the system can do depending on what it is doing. This
increases the security of your computer, as Windows security can allow
or deny the computer access to something depending on which system
account it is using.

Besides Windows operating system programs, third-party software that
installs service programs or scheduled tasks can use these accounts.

Built-in groups are kind of like tags that Windows puts on a user
account when the account logs in. It is used by Windows security to
allow or deny a user access to resources based on this special
information (i.e., are they logged in over the network, have they
entered a password or not, etc.).

Some built-in groups are used for management purposes. You control which
users belong to these groups, and they exist to allow you to easily
control what privileges the users on your computer are assigned (e.g.
the users and administrators groups).

1.) SYSTEM

This account is used by system programs and has the full privileges of
the computer.

2.) NETWORK SERVICE

This account is used by system programs that run on your computer that
need access to the network.

3.) Authenticated Users

This group is used to identify users that have logged in with a username
and password.

4.) LOCAL SERVICE

This account is used by system programs that run on your computer but do
not need access to the network.

5.) Users

This group is used to identify the users of the computer. As an
administrator, you control who is in this group.

Is it possible to login as them?

You cannot log in as a group.

When you see a group like this in task scheduler, it usually means that
the scheduled task will run whenever any user of that group logs in.

You cannot easily log in as a system account, but I would not say it is
impossible.
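
An added example, not part of Jimmy Brush's post or the original thread: a PowerShell audit that lists which scheduled tasks run as the five built-in accounts and groups discussed above, matched by their well-known SIDs. It assumes a system with the ScheduledTasks module (Windows 8 / Server 2012 or later, so not the Vista machines in this thread); the function name `Resolve-TaskPrincipal` and the output column names are made up for the example.

```powershell
# Well-known SIDs of the five principals discussed in the thread.
$wellKnown = @{
    'S-1-5-18'     = 'SYSTEM (account)'
    'S-1-5-19'     = 'LOCAL SERVICE (account)'
    'S-1-5-20'     = 'NETWORK SERVICE (account)'
    'S-1-5-11'     = 'Authenticated Users (group)'
    'S-1-5-32-545' = 'Users (group)'
}

# Hypothetical helper: turn a task's UserId/GroupId (a name or a SID string)
# into a SID string, so matching does not depend on localized account names.
function Resolve-TaskPrincipal {
    param([string]$Name)
    if ([string]::IsNullOrEmpty($Name)) { return $null }
    try {
        if ($Name -match '^S-1-') {
            return (New-Object System.Security.Principal.SecurityIdentifier($Name)).Value
        }
        $account = New-Object System.Security.Principal.NTAccount($Name)
        return $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $null   # name could not be resolved (deleted account, unreachable domain)
    }
}

Get-ScheduledTask | ForEach-Object {
    $p       = $_.Principal
    # A task principal carries either a GroupId (runs for members of a group)
    # or a UserId (runs as one specific account).
    $isGroup = -not [string]::IsNullOrEmpty($p.GroupId)
    $raw     = if ($isGroup) { $p.GroupId } else { $p.UserId }
    $sid     = Resolve-TaskPrincipal $raw

    [pscustomobject]@{
        Task      = $_.TaskPath + $_.TaskName
        Principal = $raw
        Kind      = if ($isGroup) { 'group' } else { 'account' }
        BuiltIn   = if ($sid -and $wellKnown.ContainsKey($sid)) { $wellKnown[$sid] } else { '' }
        RunLevel  = $p.RunLevel   # Limited or Highest
    }
} |
    Where-Object { $_.BuiltIn } |
    Sort-Object BuiltIn, Task |
    Format-Table -AutoSize
```

Tasks listed under SYSTEM run with full local privileges, so third-party entries in that group are the ones worth reviewing first.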
 
Jason Freeman

Jimmy,

Excellent information! You explained that very well.

If I may ask, where did you learn this? I'd like to read up in more detail
about the accounts myself.

Jason


 
cquirke (MVP Windows shell/user)

You cannot easily log in as a system account, but I would not say it is
impossible.

Try this in Vista, as tested in Vista64 RTM:
- Regedit, Yes to the UAC prompt
- navigate to each HKLM\System\*ControlSet*\SafeBoot
- export the Alternate Shell key
- fill this key with garbage (yes, you'll be allowed to)
- Shutdown, Restart
- F8, choose Safe Mode Command Prompt Only
- are you surprised to see Explorer as shell?
- create a file on "the desktop" with a unique name
- Shutdown, Restart
- find the file you created from Safe Mode; where is it?
- what rights were you operating under in that session?
- Regedit, Yes to the UAC prompt
- navigate to each HKLM\System\*ControlSet*\SafeBoot
- import the Alternate Shell keys you'd saved

--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
 
Jimmy Brush

Jason said:
Jimmy,

Excellent information! You explained that very well.

If I may ask, where did you learn this? I'd like to read up in more
detail about the accounts myself.

You're welcome :)

I learned it from a bunch of different sources over time... I can't
really point my finger at something in particular.

Like yourself, I was curious and sought the knowledge :).

I did find some websites for you that go into some aspects of user accounts:

http://www.lockergnome.com/nexus/it/2004/10/29/certification-success-implicit-groups/
http://www.microsoft.com/technet/security/guidance/serversecurity/serviceaccount/sspgch02.mspx
http://www.ss64.com/ntsyntax/security_groups.html
http://www.microsoft.com/technet/archive/winntas/evaluate/featfunc/04wntpcb.mspx?mfr=true


- JB
 
