Re: SERVICE group
From: Marin Marinov (mlmarinov_at_askme.ca)
Date: Wed, 9 Jun 2004 14:15:51 -0400
In article <ukTKdNaTEHA.firstname.lastname@example.org>, Bill.Gates@sun.com
> Does anyone have any info or links to info about the built-in group named
> "SERVICE". I'm talking about the built-in accounts like SYSTEM, NETWORK,
> INTERACTIVE, etc.
> I'm just trying to read about this group and find out when this gets
> assigned to an access token.
This is a new security principal the purpose of which is to run services
in its context since it has far less privileges than System. You'll
notice that some services (e.g., Alerter) that don't require much
privileges run under "Local Service",i.e. SERVICE.
Membership in all these "special identities" is maintained by the system
based on user actions.For example, when you log on locally you become a
member of INTERACTIVE, while if you access a file share via the network
you become a member of NETWORK. For more information on what each of
these groups represents, search Help and Support Center for "Security
identifiers: access control".
-- Cheers, Marin Marinov MCT, MCSE 2003/2000/NT4.0, MCSE:Security 2003/2000, MCP+I - This posting is provided "AS IS" with no warranties, and confers no rights. "True knowledge exists in knowing that you know nothing." Socrates