Thursday, August 18, 2011

Service Accounts


        Local System : Completely trusted account, more so than the administrator account. There is nothing on a single box that this account can not do and it has the right to access the network as the machine (this requires Active Directory and granting the machine account permissions to something)
        
         Network Service : Limited service account that is meant to run standard least-privileged services. This account is far more limited than Local System (or even Administrator) but still has the right to access the network as the machine (see caveat above)

      Local Service : A limited service account that is very similar to Network Service and meant to run standard least-privileged services. However unlike Network Service it has no ability to access the network as the machine.

Cheers!!!