Re: SERVICE group
From: Marin Marinov (mlmarinov_at_askme.ca)
Date: 06/09/04
- Previous message: John Koswalski: "W2K3 domain in DMZ"
- In reply to: Marty List: "SERVICE group"
- Next in thread: Marty List: "Re: SERVICE group"
- Reply: Marty List: "Re: SERVICE group"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 9 Jun 2004 14:15:51 -0400
In article <ukTKdNaTEHA.3988@tk2msftngp13.phx.gbl>, Bill.Gates@sun.com
says...
>
> Does anyone have any info or links to info about the built-in group named
> "SERVICE". I'm talking about the built-in accounts like SYSTEM, NETWORK,
> INTERACTIVE, etc.
>
> I'm just trying to read about this group and find out when this gets
> assigned to an access token.
>
Hi Marty,
This is a new security principal the purpose of which is to run services
in its context since it has far less privileges than System. You'll
notice that some services (e.g., Alerter) that don't require much
privileges run under "Local Service",i.e. SERVICE.
Membership in all these "special identities" is maintained by the system
based on user actions.For example, when you log on locally you become a
member of INTERACTIVE, while if you access a file share via the network
you become a member of NETWORK. For more information on what each of
these groups represents, search Help and Support Center for "Security
identifiers: access control".
HTH
-- Cheers, Marin Marinov MCT, MCSE 2003/2000/NT4.0, MCSE:Security 2003/2000, MCP+I - This posting is provided "AS IS" with no warranties, and confers no rights. "True knowledge exists in knowing that you know nothing." Socrates
- Previous message: John Koswalski: "W2K3 domain in DMZ"
- In reply to: Marty List: "SERVICE group"
- Next in thread: Marty List: "Re: SERVICE group"
- Reply: Marty List: "Re: SERVICE group"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
