Re: Log on as a service

From: jps (anonymous_at_discussions.microsoft.com)
Date: 02/08/04 

Date: Sun, 8 Feb 2004 09:44:12 -0800

How about the interface from the properties of one of
local security policies, e.g. Local Security Settings ->
Right click properties -> Add Users or Groups -> Select
Users or Groups -> Advanced? Is this the same type of
interface you were referring to?

Don't mean to ask the same question again. Just want to be
sure I'm clear on this ... I could see 'MyDomain\myuserid'
in the list of RDNs, but not the one in the aforementioned
security setting of 'Log on as a service' (i.e. the one
that begins with '*S-1-...'). Is there a way to resolve
this '*S-1-...' so that I can be sure that it is a deleted
account (or not)? Interestingly, this '*S-1-...' appear in
the security settings for the other local security
policies as well.

Based on what you said that my domain account does not
need a grant to log in as a service in order to log in, is
it ok and safe if I set 'Log on as a service' to 'Not
Defined', i.e. remove SYSTEM, NETWORK and this '*S-1-...'?

If I leave this setting as it is, is there a way if I can
found out or trace someone remotely log on to my PC as me?

Thanks much,
JPS

>-----Original Message-----
>If you currently can resolve domain users and groups when
>in an interface such as the one to add to the security
grants
>in NTFS, then the SID you are seeing in the local policy
is
>likely the remains of a delete account.
>If when in such as the NTFS security dialog you cannot see
>friendly names for domain users and groups, then you may
be
>correct, that it is for some account/group of the domain.
>
>Your domain account does not need a grant to log in as a
>service in order to log in.
>
>If you have a domain and certain accounts are able to log
in,
>then just exactly as with local accounts, anyone knowing
the
>account and its password will be able to use the account.
>--
>Roger Abell
>Microsoft MVP (Windows Server System: Security)
>MCSE (W2k3,W2k,Nt4) MCDBA
>"jps" <anonymous@discussions.microsoft.com> wrote in
message
>news:c96301c3ee4a$08218170$a001280a@phx.gbl...
>> The setting also has something that begins with *S-1-
...,
>> which I believe is my user ID in the network domain.
>>
>> Is there a way I can verify this is my account, which is
>> an account in a domain, but not other's? Like to convert
>> it into a readable format, e.g. Domain\userid?
>>
>> Assume this is my user ID (which I think it should be,
or
>> else I won't be able to log on to the domain). If there
is
>> someone who has access to obtain my password from the
>> domain, how can I prevent him from remotely accessing to
>> my computer?
>>
>> Thanks again,
>> JPS
>>
>>
>> >-----Original Message-----
>> >"jps" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:c3d001c3ee44$59bb9bc0$a301280a@phx.gbl...
>> >> What is this policy in the Local Security Settings
for?
>> My
>> >> current setting has SYSTEM and NETWORK SERVICE in
there,
>> >> but shouldn't the default be 'blank'? Is the current
>> >> setting safe?
>> >
>> >Without sounding redundant and in simple terms - it
>> allows a service (a
>> >process that runs continuously in the background) to
use
>> an account instead
>> >of just being started by the operating system. This
>> allows that account to
>> >have the sufficient rights to start up a process as a
>> service.
>> >
>> >--
>> >Regards,
>> >
>> >Mike
>> >--
>> >Mike Brannigan [Microsoft]
>> >
>> >This posting is provided "AS IS" with no warranties,
and
>> confers no
>> >rights
>> >
>> >Please note I cannot respond to e-mailed questions,
>> please use these
>> >newsgroups
>> >
>> >"jps" <anonymous@discussions.microsoft.com> wrote in
>> message
>> >news:c3d001c3ee44$59bb9bc0$a301280a@phx.gbl...
>> >> What is this policy in the Local Security Settings
for?
>> My
>> >> current setting has SYSTEM and NETWORK SERVICE in
there,
>> >> but shouldn't the default be 'blank'? Is the current
>> >> setting safe?
>> >>
>> >> Thanks,
>> >> JPS
>> >>
>> >
>> >
>> >.
>> >
>
>
>.
>