Re: NETWORK SERVICE, LOCAL SERVICE accounts

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 12/19/04

• Next message: Desmond Lee: "RE: NETWORK SERVICE, LOCAL SERVICE accounts"
• Previous message: Desmond Lee: "RE: NETWORK SERVICE, LOCAL SERVICE accounts"
• In reply to: Nir B: "NETWORK SERVICE, LOCAL SERVICE accounts"
• Next in thread: Nir B: "Re: NETWORK SERVICE, LOCAL SERVICE accounts"
• Reply: Nir B: "Re: NETWORK SERVICE, LOCAL SERVICE accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Sun, 19 Dec 2004 12:13:49 -0700

Local Service and Network Service are two built-in accounts
that were introduced with XP and W2k3.
Are you altering the GPOs using an uplevel machine or W2k?
The other term "non-OS service account" refers to accounts
that are not built-in to a standard install of the OS but which
have been configured for use as the context in which a service
is launched/run.

-- 
Roger Abell
Microsoft MVP (Windows  Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Nir B" <nir@icomverse.com> wrote in message
news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
> Hi All,
>
> On the Windows Server 2003 Security Guide, there are recommendations about
> the "User Rights Assignments"
> There are some rights that recommend to configure to NETWORK SERVICE,
LOCAL
> SERVICE and "all NON-Operating System Service accounts"
> I want to define these configuration using GPO, when I'm trying to add
these
> users to the GPO I can't find them (when I'm doing "Add User or Group" I
see
> my domain users and groups)
> What is the meaning of  NETWORK SERVICE, LOCAL SERVICE and all
NON-Operating
> System Service accounts?
> How do I add them to my GPO configuration?
>
>
> Thanks,
>
> Nir B
>
>

---

• Next message: Desmond Lee: "RE: NETWORK SERVICE, LOCAL SERVICE accounts"
• Previous message: Desmond Lee: "RE: NETWORK SERVICE, LOCAL SERVICE accounts"
• In reply to: Nir B: "NETWORK SERVICE, LOCAL SERVICE accounts"
• Next in thread: Nir B: "Re: NETWORK SERVICE, LOCAL SERVICE accounts"
• Reply: Nir B: "Re: NETWORK SERVICE, LOCAL SERVICE accounts"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: NETWORK SERVICE, LOCAL SERVICE accounts ... Are you sure you are trying to manage the GPO settings ... Local Service and Network Service are not that same as ... I'm using uplevel machine (W2k3) and as I mention I can't add local ... (microsoft.public.win2000.security) Re: Loopback policy enabled, seems to cause login script to run twice ... GPO containing it applies to, regardless of which actual GPO it is included ... the description of how Loopback processing works is NOT ... enables loopback processing appears and where the relevant computer accounts ... Sounds like you have included the setting that runs the Logon Script so high ... (microsoft.public.windows.group_policy) RE: LDAP issues - mimesweeper for web & Active Directory ... It would just import members of the Internet Access Allowes ... How do you rate you GPO skill 1 to 10? ... GPO to an OU that has User objects/account as opposed the Comuter accounts. ... LDAP for the OU: ... (microsoft.public.windows.server.active_directory) Re: Disabling Interactive Logon Against Security Group ... Essentially this is to secure half a dozen guest accounts on domain of ... question "disable interactive logon privilages against specific OU/User ... If you set this in a GPO then the list that is to be denied that you ... One route to avoid this is to cause a machine local group to be ... (microsoft.public.security) Re: a few questions about application pool identities (IIS 6.0) ... The various accounts listed have differing rights on the machine. ... Local Service has the similar rights to network service, ... Each web application pool is contained within it's own w3wp.exe ... (microsoft.public.inetserver.iis)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)