windows service(accounttype)

T

Tony Johansson

Hello!

The docs for account type LocalSystem says the following.
"Setting this value specifies that the services uses a highly privileged
user account on the local system, but this account presents an anonymous
user to the network. Thus it doesn't have rights on the network."

What does it mean when the text says that this account presents an anonymous
user to the network ?

The docs for account type LocalService says the following.
"Thus account type presents the computer's credentials to any remote
server".
What does that mean ?

//Tony
 
J

Jeff Johnson

First I'll say that I'm not an expert in this area, so do more research than
just taking my word for it....
The docs for account type LocalSystem says the following.
"Setting this value specifies that the services uses a highly privileged
user account on the local system, but this account presents an anonymous
user to the network. Thus it doesn't have rights on the network."

What does it mean when the text says that this account presents an
anonymous
user to the network ?
Click to expand...

Presenting an anonymous user to the network means that it passes credentials
which are basically null. I don't know if a service running as LocalSystem
would be able to access a share that was mapped to Everyone or not. (Perhaps
things have changed, but I thought Everyone meant just that: everyone who
has access to the physical network, whether authenticated or not.) You could
always test....
The docs for account type LocalService says the following.
"Thus account type presents the computer's credentials to any remote
server".
What does that mean ?
Click to expand...

A computer has an account just like any user has an account. This means that
a SID is associated with the computer. This isn't particularly useful unless
your computer is connected to an Active Directory domain, in which case it
is how AD recognizes your computer. For example, whenever I've gotten a new
computer at work, I've had to ask my IT folks to delete my old computer from
the domain so that when I set up the new computer with the same name it can
be added to the domain.

When you use the LocalService account and it performs actions over the
network (which actually I didn't think was possible and was why the Network
Service account existed!) apparently the credentials that that account uses
are the computer's and not any particular user's.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Question about Windows services accounts 2
Windows Services and network printers 10
regioninfo class 1
Windows service 5
UnauthorizedAccessException in service. Confused 5
Totally lost with c# web service execution as remote identity 2
Accessing the regsitry via a service 4
protection mechanism of account networkservice 3

Top