security beyond Admin's control??

[John S.]

In XP Pro, I've found that under Control
Panel/Administative Tools/Local Security Policy, all
policies listed indicate the top-level security setting
as "Administrator", as I'd expect...except for three that
show "SUPPORT_########" (actual numbers not shared in
case it could allow unathorized access.)

The policies with this latter security setting include:
1) Deny logon locally,
2) Deny access to this computer from a network, and
3) Log on as a batch job.
These are all things that concern me if SUPPORT_########
is an external agent; I thought Administrator was the
highest and only power in the system, and would have
expected it to be for the listed functions ("policies").

I'm on broadband cable, a single use computer, with 2
user accounts. Does anyone know the significance of
these notations?

Thnks, John.

 

[David Jones]

That particular account is a special account for Remote
Assistance/Help and Support that is created by the OS
during setup.

It is actually a good thing that it is in the policies
you mention:

Deny logon locally - this means that nobody can use this
account to log on at the machine itself.

Deny access to this computer from a network - this means
that nobody can use this account to access the computer
remotely.

Log on as a batch job - this allows the account to log on
for specific scheduled functions only.

If Administrator was in the Deny policies, you'd never be
able to log onto the system with that account!