Thursday, December 30, 2010

Local Service vs Network Service vs Local System Account


Local Service

The LocalService account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network. The name of the account must be NT AUTHORITY\LocalService.

Network Service

The NetworkService account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and acts as the computer on the network: a service that runs in the context of the NetworkService account presents the computer's credentials to remote servers. The remote token contains the "Everyone" and "Authenticated Users" group SIDs.

Local System

The LocalSystem account is a predefined local account used by the service control manager. It has extensive privileges on the local computer and acts as the machine account on the network. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .\LocalSystem; the names LocalSystem or ComputerName\LocalSystem can also be used. LocalSystem is the most privileged account on a system, and it is the only account that is able to access the security database (HKLM\Security).


Running a service as Local System is not recommended because it has powerful access to local resources; Network Service should be used if possible.
With respect to remote resources, a service running as Local System and one running as Network Service behave the same, because in both cases the service is authenticated to remote services as the machine account. Therefore, while Network Service is great for protecting local resources, it does not protect remote resources.
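
To see how the three accounts are used on a given machine, the following added example (not taken from the MSDN sources) lists every service with the account class it runs under and the local and network identity described above. The function name `Get-ServiceAccountClass` and the `$identity` table are hypothetical helpers introduced here; the script assumes PowerShell 3.0 or later for `Get-CimInstance`.

```powershell
# Added example: inventory services by the built-in account they run under.
# Get-ServiceAccountClass and $identity are hypothetical helper names.

function Get-ServiceAccountClass {
    param([string]$StartName)
    # Win32_Service typically reports "LocalSystem", "NT AUTHORITY\LocalService"
    # or "NT AUTHORITY\NetworkService". Matching is case-insensitive, and the
    # .\LocalSystem and ComputerName\LocalSystem forms are accepted as well.
    switch -Regex ($StartName) {
        '^(.+\\)?LocalSystem$'             { 'LocalSystem';    break }
        '^NT AUTHORITY\\Local ?Service$'   { 'LocalService';   break }
        '^NT AUTHORITY\\Network ?Service$' { 'NetworkService'; break }
        default                            { 'Other' }
    }
}

# Local privilege level and network identity per account class, as stated in the text.
$identity = @{
    LocalSystem    = @{ Local = 'extensive';   Network = 'machine account' }
    LocalService   = @{ Local = 'minimum';     Network = 'anonymous' }
    NetworkService = @{ Local = 'minimum';     Network = 'machine account' }
    Other          = @{ Local = 'per account'; Network = 'per account' }
}

$report = Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $class = Get-ServiceAccountClass $_.StartName
    [pscustomobject]@{
        Name            = $_.Name
        State           = $_.State
        StartName       = $_.StartName
        AccountClass    = $class
        LocalPrivileges = $identity[$class].Local
        NetworkIdentity = $identity[$class].Network
    }
}

# Summary: how many services run under each account class.
$report | Group-Object AccountClass | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# Running services under Local System: candidates to review for a move to
# Network Service or Local Service.
$report | Where-Object { $_.AccountClass -eq 'LocalSystem' -and $_.State -eq 'Running' } |
    Sort-Object Name |
    Format-Table Name, StartName, LocalPrivileges, NetworkIdentity -AutoSize
```

Services in the LocalSystem and NetworkService rows show the same NetworkIdentity, which is why moving a service to Network Service narrows its local access without changing what it can reach on remote servers.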



source: http://msdn.microsoft.com/en-us/library/ms686005(VS.85).aspx
http://msdn.microsoft.com/en-us/library/ms685981(v=VS.85).aspx
