Local System account and network resource access

Discussion in 'Microsoft Windows 2000 File System' started by Guest, Aug 18, 2007.

  1. Guest

    Guest Guest

    Does anyone know whether the system account NT AUTHORITY/SYSTEM is able to
    access network resource like ordinary authenticated user?

    According to my research it appears it should be able. I have tried it but
    it always give me an "Access denied" error message. I simply try to do a "dir
    \\xxx.xx.xx.xx\shareName" command.

    Everything works for me with what was described in the following link
    (except I can't access network resource).
    Guest, Aug 18, 2007
    1. Advertisements

  2. No. The local System account cannot access any networked resources.
    This is by design.
    Pegasus \(MVP\), Aug 18, 2007
    1. Advertisements

  3. Guest

    jorgen Guest

    It is restricted to use a null session when connecting to a network. So
    to get in, anonymous access must have been granted
    jorgen, Aug 18, 2007
  4. Guest

    Guest Guest

    <quote> The local System account cannot access any networked resources.
    This is by design. </quote>

    Is there are exceptions? When we define a share in machine1, I thought we
    can if delete all users in the permission list but add a machine name
    (domanName\machine2$) in the permission list, that would mean I allow this
    share to be accessable by ANY users ( including a local system user ) as long
    as the user sits on machine2.
    Guest, Aug 19, 2007
  5. As I said, the System account has no access to shared resources.
    If it had access then this would open a nice can of works, e.g.
    issues with passwords and issues with accessing shares on
    other computers for which you have no access privileges.

    If you explain what you're actually trying to do then someone
    may offer a solution that does not involve the System account.
    Pegasus \(MVP\), Aug 19, 2007
  6. Guest

    Guest Guest

    No, we don't have any problem to do what we try to do via a scheduled task if
    it is run under a normal user acccount.

    Then someone suggests we should be able to do the same without a (Domain)
    user account and he said he had seen some tasks running that access shared
    resources without problem. I tried very hard for many hours but still
    receiving the "access denied" message. That is why I ask here.

    If there no ways we can specify a share that allows the scheduled task to
    access network resource, our discussion (within IT team in our Company) is
    Guest, Aug 19, 2007
  7. If a domain account has access to a shared resource then
    this domain account can be used either for console sessions
    or for scheduled tasks. Test the account in the foreground
    first, then use it under the Task Scheduler.

    Note that accounts used by the Task Scheduler ***must***
    have a non-blank password.
    Pegasus \(MVP\), Aug 19, 2007
  8. Guest

    Guest Guest

    Sorry you must read my post wrongly when you place your last response, which
    is not helpful at all. If we want to continue running a scheduled task under
    a domain account, there wasn't any issues, no issues at all.

    I want to ask if a scheduled task is running under the local system account
    (NT AUTHORITY/SYSTEM), can it access network resource ? (such as
    reading/writing a file in another computer). I know your previous answer was
    negative. Do you know where is the MS reference article I can refer to, to
    confirm this?

    Initially I thought the access should present no problems. This is because
    when we define the share permission of a folder, it is possible to select a
    'computer' grant permission to that computer. This is entered with
    "domainName\computerName$", after checking "computer" in object type. But I
    find my test fails (it gives out 'access denied').
    Guest, Aug 19, 2007
  9. See below.

    *** Great.
    *** No, I don't. I suggest you do some googling.
    *** I'm not surprised. I can see these options for you:
    a) Accept what experienced server/network administrators tell
    you and use a domain account.
    b) Spend the time and energy to get to the bottom of this issue
    by drilling down into the MS Knowledge Base. This could be
    a time-consuming exercise but it will give you a deep sense of
    satisfaction when you find the authoritative answer you're
    looking for. I bet that you will be directed back to Option a).
    Pegasus \(MVP\), Aug 19, 2007
  10. Guest

    Guest Guest

    A plain answer like this is inspiring.

    Guest, Aug 21, 2007
  11. You might want to reflect about what you can expect in a
    newsgroup from a total stranger who is willing to give some
    of his time to help you. IMHO it is unreasonable to expect
    a respondent to do your homework for you. Instead of your
    sarcastic reply I would have expected something like "Thank
    you for your help - I will now do my own research".

    If you're serious about this question and if you're prepared
    to pay for an answer then there is always "Google paid questions":
    Pegasus \(MVP\), Aug 21, 2007
  12. Guest

    Guest Guest

    Just create an account with admin rights for this purpose. The account does
    not have to belong to anyone. The account would be used to run such task.
    Guest, Aug 22, 2007
  13. Guest

    Frank Wolf

    Aug 28, 2018
    Likes Received:
    Hi Pagasus,

    sorry, but give back your MVP.
    Completly wrong,
    I had a test today, wehre i can access a share with the Loclal System Account!

    Simply put the Machines Name from ADS into the local Admins Group and u may Access even the Admin Share$.

    Mfg. Frank.
    Frank Wolf, Aug 28, 2018
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.