Re: Local System Account & Network Access
- From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 29 Jun 2006 18:03:37 -0500
Offhand I don't know exactly what is going on but what I would do is to
check the security log on the server that has the administrator share to see
the type 3 logon event generated when access is allowed to the share and the
user name. The events in the log are time stamped so it should be easy to
find. The info in the link below may also be helpful if you have not seen it
yet on planning security for service accounts. --- Steve
http://www.microsoft.com/technet/security/topics/serversecurity/serviceaccount/sspgch03.mspx
-- The Services and Service Accounts Security Planning Guide
"Alwin" <Alwin@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:578755CB-FC31-4512-91D7-B8379710C22E@xxxxxxxxxxxxxxxx
Hi,
I have a custom developed windows service running on XP - very simple , it
accepts commands via TCP/IP and executes them on the pc on which it is
installed.
The service gets installed with 'Local System' account credentials which
by
all accounts does not have access to network resources. I am however able
to
send commands to the service instructing it to install software packages
which reside on a network share (shared read-only for domain users) and it
works just fine.
I am concerned because all the documentation I have read indicates that
this
should not be possible, are there any special circumstances where the
System
account can access UNC share paths?
.
- Follow-Ups:
- Re: Local System Account & Network Access
- From: Alwin
- Re: Local System Account & Network Access
- Prev by Date: Re: Criteria for IE to Negotiate Kerberos and Not NTLMSSP
- Next by Date: Re: how to secure VPN to a SQL server?
- Previous by thread: Re: Renaming a Certificate Root authority
- Next by thread: Re: Local System Account & Network Access
- Index(es):
Relevant Pages
|
