What is a SYSTEM or NETWORK SERVICE account?

J

Jason Freeman

I was looking under the Task Scheduler, and some tasks are set to run using
one of the following accounts:

1.) SYSTEM
2.) NETWORK SERVICE
3.) Authenticated Users
4.) LOCAL SERVICE
5.) Users

What are these accounts? Is it possible to login as them? Why do they
exist and what purpose do they serve?

Jason
 
J

Jimmy Brush

Jason Freeman wrote:
> I was looking under the Task Scheduler, and some tasks are set to run
> using one of the following accounts:
>
[...]
>
> What are these accounts? [...] Why do they exist and what purpose do they serve?

These are built-in accounts or account groups.

The built-in accounts are the system accounts that "your computer is
logged in as". There are multiple accounts in order to artificially
limit what the system can do depending on what it is doing. This
increases the security of your computer, as Windows security can allow
or deny the computer access to something depending on which system
account it is using.

Besides Windows operating system programs, third-party software that
install service programs or scheduled tasks can use these accounts.

Built-in groups are kind of like tags that Windows puts on a user
account when the account logs in. It is used by windows security to
allow or deny a user access to resources based on this special
information (i.e., are they logged in over the network, have they
entered a password or not, etc.).

Some built-in groups are used for management purposes. You control which
users belong to these groups, and they exist to allow you to easily
control what privileges the users on your computer are assigned (e.g.
the users and administrators groups).


> 1.) SYSTEM

This account is used by system programs and has the full privileges of
the computer.

> 2.) NETWORK SERVICE

This account is used by system programs that run on your computer that
need access to the network.

> 3.) Authenticated Users

This group is used to identify users that have logged in with a username
and password.

> 4.) LOCAL SERVICE

This account is used by system programs that run on your computer but do
not need access to the network.

> 5.) Users

This group is used to identify the users of the computer. As an
administrator, you control who is in this group.

> Is it possible to login as them?

You cannot log in as a group.

When you see a group like this in task scheduler, it usually means that
the scheduled task will run whenever any user of that group logs in.

You cannot easily log in as a system account, but I would not say it is
impossible.


--
-JB
Microsoft MVP - Windows Shell/User
Windows Vista Support FAQ - http://www.jimmah.com/vista/
 
J

Jason Freeman

Jimmy,

Excellent information! You explained that very well.

If I may ask, where did you learn this? I'd like to read up in more detail
about the accounts myself.

Jason


"Jimmy Brush" <jb@mvps.org> wrote in message
news:ePcis9ZwHHA.3508@TK2MSFTNGP03.phx.gbl...
> Jason Freeman wrote:
>> I was looking under the Task Scheduler, and some tasks are set to run
>> using one of the following accounts:
>>
> [...]
>>
>> What are these accounts? [...] Why do they exist and what purpose do they
>> serve?
>
> These are built-in accounts or account groups.
>
> The built-in accounts are the system accounts that "your computer is
> logged in as". There are multiple accounts in order to artificially limit
> what the system can do depending on what it is doing. This increases the
> security of your computer, as Windows security can allow or deny the
> computer access to something depending on which system account it is
> using.
>
> Besides Windows operating system programs, third-party software that
> install service programs or scheduled tasks can use these accounts.
>
> Built-in groups are kind of like tags that Windows puts on a user account
> when the account logs in. It is used by windows security to allow or deny
> a user access to resources based on this special information (i.e., are
> they logged in over the network, have they entered a password or not,
> etc.).
>
> Some built-in groups are used for management purposes. You control which
> users belong to these groups, and they exist to allow you to easily
> control what privileges the users on your computer are assigned (e.g. the
> users and administrators groups).
>
>
> > 1.) SYSTEM
>
> This account is used by system programs and has the full privileges of the
> computer.
>
> > 2.) NETWORK SERVICE
>
> This account is used by system programs that run on your computer that
> need access to the network.
>
> > 3.) Authenticated Users
>
> This group is used to identify users that have logged in with a username
> and password.
>
> > 4.) LOCAL SERVICE
>
> This account is used by system programs that run on your computer but do
> not need access to the network.
>
> > 5.) Users
>
> This group is used to identify the users of the computer. As an
> administrator, you control who is in this group.
>
>> Is it possible to login as them?
>
> You cannot log in as a group.
>
> When you see a group like this in task scheduler, it usually means that
> the scheduled task will run whenever any user of that group logs in.
>
> You cannot easily log in as a system account, but I would not say it is
> impossible.
>
>
> --
> -JB
> Microsoft MVP - Windows Shell/User
> Windows Vista Support FAQ - http://www.jimmah.com/vista/
 
C

cquirke (MVP Windows shell/user)

On Sun, 08 Jul 2007 16:34:31 -0400, Jimmy Brush <jb@mvps.org> wrote:

<really good info snipped>

>You cannot easily log in as a system account, but I would not say it is
>impossible.

Try this in Vista, as tested in Vista64 RTM:
- Regedit, Yes to the UAC prompt
- navigate to each HKLM\System\*ControlSet*\SafeBoot
- export the Alternate Shell key
- fill this key with garbage (yes, you'll be allowed to)
- Shutdown, Restart
- F8, choose Safe Mode Command Prompt Only
- are you surprised to see Explorer as shell?
- create a file on "the desktop" with a unique name
- Shutdown, Restart
- find the file you created from Safe Mode where is it?
- what rights were you operating under in that session?
- Regedit, Yes to the UAC prompt
- navigate to each HKLM\System\*ControlSet*\SafeBoot
- import the Alternate Shell keys you'd saved


>--------------- ----- ---- --- -- - - -
Error Messages Are Your Friends
>--------------- ----- ---- --- -- - - -
 
J

Jimmy Brush

Jason Freeman wrote:
> Jimmy,
>
> Excellent information! You explained that very well.
>
> If I may ask, where did you learn this? I'd like to read up in more
> detail about the accounts myself.

You're welcome :)

I learned it from a bunch of different sources over time... I can't
really point my finger at something in particular.

Like yourself, I was curious and sought the knowledge :).

I did find some websites for you that go into some aspects of user accounts:

http://www.lockergnome.com/nexus/it/2004/10/29/certification-success-implicit-groups/
http://www.microsoft.com/technet/security/guidance/serversecurity/serviceaccount/sspgch02.mspx
http://www.ss64.com/ntsyntax/security_groups.html
http://www.microsoft.com/technet/archive/winntas/evaluate/featfunc/04wntpcb.mspx?mfr=true


- JB
 
You must log in or register to reply here.

Similar threads

D
How do I set up a home network
Replies
0
Views
19
Daniel D1
D
D
Can someone help with "The network is not present or not started" and Error 1075: The dependency service does not exist or has been marked for deletio
Replies
0
Views
30
DMTx_013
D
I
What Are the Implications of Removing SYSTEM Account Permissions on Active Directory Users and Computers (ADUC) snap in ?
Replies
0
Views
49
IT Researcher007
I
B
I receive the error message “this microsoft account does not exist. Enter a diffrent account or request a new one .
Replies
0
Views
56
Benyamin Qassemi
B
A
What is the naming scheme for windows login associated to microsoft account ?
Replies
0
Views
62
ago char
A
Back
Top Bottom