Re: SERVICE group

From: Marty List (Bill.Gates_at_sun.com)
Date: 06/10/04


Date: Thu, 10 Jun 2004 09:29:41 -0600


"Marin Marinov" <mlmarinov@askme.ca> wrote in message
news:MPG.1b311de6485b909f989891@msnews.microsoft.com...
> In article <ukTKdNaTEHA.3988@tk2msftngp13.phx.gbl>, Bill.Gates@sun.com
> says...
> >
> > Does anyone have any info or links to info about the built-in group
> > named "SERVICE". I'm talking about the built-in accounts like SYSTEM,
> > NETWORK, INTERACTIVE, etc.
> >
> > I'm just trying to read about this group and find out when this gets
> > assigned to an access token.
> >
> Hi Marty,
> This is a new security principal, the purpose of which is to run services
> in its context, since it has far fewer privileges than System. You'll
> notice that some services (e.g., Alerter) that don't require many
> privileges run under "Local Service", i.e. SERVICE.
>
> Membership in all these "special identities" is maintained by the system
> based on user actions. For example, when you log on locally you become a
> member of INTERACTIVE, while if you access a file share via the network
> you become a member of NETWORK. For more information on what each of
> these groups represents, search Help and Support Center for "Security
> identifiers: access control".
>
> HTH
> --
> Cheers,
> Marin Marinov
> MCT, MCSE 2003/2000/NT4.0,
> MCSE:Security 2003/2000, MCP+I
> -
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "True knowledge exists in knowing that you know nothing."
> Socrates

Thanks for the reply, Marin, but it's not exactly what I'm looking for. When
you say "some services ... run under Local Service, i.e. SERVICE" it sounds
like you are saying that Local Service and SERVICE are the same thing, which
is not true. 'LOCAL SERVICE' and 'NETWORK SERVICE' are both built-in
accounts, new with Windows XP and later. However, SERVICE is a built-in
group/well-known SID that exists in Windows 2000 and later. You said "the
purpose of which is to run services in its context since it has far less
privileges than System", but you can't run a service in the context of
SERVICE.

Now you were getting close when you said "when you log on locally you become
a member of INTERACTIVE, while if you access a file share via the network
you become a member of NETWORK". And what I am looking for is "when you
_____________ you become a member of SERVICE."

The help file was a good suggestion, it says "SERVICE: A group that includes
all security principals that have logged on as a service. Membership is
controlled by the operating system."

This gets me closer, but I'm looking for something more detailed and
technical like a whitepaper, or something referenced in the resource kit. I
need this for security audit documentation. Seen anything like this?
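An added example, not part of the original thread or of any Microsoft documentation: a PowerShell script that opens a process's access token and reports which of the logon-type groups the thread discusses (SERVICE S-1-5-6, INTERACTIVE S-1-5-4, NETWORK S-1-5-2, BATCH S-1-5-3) are present. Running it against your own shell and against the process IDs of running services shows the "when you ___ you become a member of SERVICE" answer empirically: the SERVICE SID appears in tokens of processes the Service Control Manager started as services (and in children that inherit such a token), while an interactive shell carries INTERACTIVE instead. The P/Invoke declarations, the helper names, and the use of Get-CimInstance (Windows 8 / PowerShell 3 or later; use Get-WmiObject on older systems) are assumptions about the reader's environment; run it elevated, and expect OpenProcess to be refused for protected processes.

```powershell
# Added example (not from the original thread). Inspect a process token for the
# well-known logon-type group SIDs. Requires Windows Vista+ for the
# PROCESS_QUERY_LIMITED_INFORMATION access right (assumption); use 0x0400 on older systems.

Add-Type -Namespace Win32 -Name NativeToken -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr OpenProcess(uint desiredAccess, bool inheritHandle, int processId);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool OpenProcessToken(IntPtr processHandle, uint desiredAccess, out IntPtr tokenHandle);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr handle);
'@

$PROCESS_QUERY_LIMITED_INFORMATION = 0x1000
$TOKEN_QUERY = 0x0008

# Return the string SIDs of every group in the target process's primary token.
function Get-TokenGroupSids {
    param([Parameter(Mandatory)][int]$ProcessId)

    $hProcess = [Win32.NativeToken]::OpenProcess($PROCESS_QUERY_LIMITED_INFORMATION, $false, $ProcessId)
    if ($hProcess -eq [IntPtr]::Zero) {
        throw "OpenProcess($ProcessId) failed: $((New-Object ComponentModel.Win32Exception).Message)"
    }
    $hToken = [IntPtr]::Zero
    try {
        if (-not [Win32.NativeToken]::OpenProcessToken($hProcess, $TOKEN_QUERY, [ref]$hToken)) {
            throw "OpenProcessToken($ProcessId) failed: $((New-Object ComponentModel.Win32Exception).Message)"
        }
        # WindowsIdentity duplicates the token internally, so our handle can be closed afterwards.
        $identity = New-Object System.Security.Principal.WindowsIdentity($hToken)
        return @($identity.Groups | ForEach-Object { $_.Value })
    }
    finally {
        if ($hToken -ne [IntPtr]::Zero) { [void][Win32.NativeToken]::CloseHandle($hToken) }
        [void][Win32.NativeToken]::CloseHandle($hProcess)
    }
}

# Classify a process by the logon-type group SIDs the system put in its token.
function Get-LogonContext {
    param([Parameter(Mandatory)][int]$ProcessId)

    $sids = Get-TokenGroupSids -ProcessId $ProcessId
    [pscustomobject]@{
        ProcessId   = $ProcessId
        User        = (Get-Process -Id $ProcessId).ProcessName
        Service     = $sids -contains 'S-1-5-6'   # SERVICE: logged on as a service (started by the SCM)
        Interactive = $sids -contains 'S-1-5-4'   # INTERACTIVE: local console / RDP logon
        Network     = $sids -contains 'S-1-5-2'   # NETWORK: logged on over the network
        Batch       = $sids -contains 'S-1-5-3'   # BATCH: batch logon (e.g. Task Scheduler jobs)
    }
}

# The current interactive shell: expect Interactive = True, Service = False.
Get-LogonContext -ProcessId $PID | Format-Table -AutoSize

# Running services: expect Service = True for processes the SCM logged on as a service.
# Protected or higher-integrity processes may refuse OpenProcess; those are reported as warnings.
Get-CimInstance Win32_Service -Filter "State = 'Running' AND ProcessId <> 0" |
    Select-Object -ExpandProperty ProcessId | Sort-Object -Unique |
    ForEach-Object { try { Get-LogonContext -ProcessId $_ } catch { Write-Warning $_ } } |
    Format-Table -AutoSize
```

For audit documentation the useful property is that SERVICE membership is decided by the operating system at logon time, not by any group you can administer: a process either received a token from a service logon or it did not, so the check above is a direct test of the help-file definition rather than a lookup against a membership list.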
