Re: SERVICE group

From: Marin Marinov (
Date: 06/09/04

  • Next message: MarkC: "CertSvc Event ID 74"
    Date: Wed, 9 Jun 2004 14:15:51 -0400

    In article <ukTKdNaTEHA.3988@tk2msftngp13.phx.gbl>,
    > Does anyone have any info or links to info about the built-in group named
    > "SERVICE". I'm talking about the built-in accounts like SYSTEM, NETWORK,
    > INTERACTIVE, etc.
    > I'm just trying to read about this group and find out when this gets
    > assigned to an access token.
    Hi Marty,
    This is a new security principal the purpose of which is to run services
    in its context since it has far less privileges than System. You'll
    notice that some services (e.g., Alerter) that don't require much
    privileges run under "Local Service",i.e. SERVICE.

    Membership in all these "special identities" is maintained by the system
    based on user actions.For example, when you log on locally you become a
    member of INTERACTIVE, while if you access a file share via the network
    you become a member of NETWORK. For more information on what each of
    these groups represents, search Help and Support Center for "Security
    identifiers: access control".


       Marin Marinov
       MCT, MCSE 2003/2000/NT4.0,
       MCSE:Security 2003/2000, MCP+I
    This posting is provided "AS IS" with no warranties, and confers no 
    "True knowledge exists in knowing that you know nothing."

  • Next message: MarkC: "CertSvc Event ID 74"