Tuesday, August 3, 2021

What built-in service accounts does Windows provide, and why do we need them?

Windows systems have some built-in user accounts without passwords that you can use directly, and each built-in account has a different purpose:


  • LocalService (preferred) → (User + No Network)

    A limited service account that is very similar to NetworkService and is meant to run standard least-privileged services. However, unlike NetworkService, it accesses the network as an Anonymous user.

    • Name: NT AUTHORITY\LocalService
    • The account has no password (any password information you provide is ignored)
    • HKCU represents the LocalService user account. It has minimal privileges on the local computer and presents anonymous credentials on the network
    • SID: S-1-5-19
    • Has its own profile under the HKEY_USERS registry key (HKEY_USERS\S-1-5-19)

  • NetworkService → (User + Network)

    A limited service account that is meant to run standard privileged services. This account is far more limited than LocalSystem (or even Administrator) but still has the right to access the network as the machine (see the caveat under LocalSystem below).

    • Name: NT AUTHORITY\NetworkService
    • The account has no password (any password information you provide is ignored)
    • HKCU represents the NetworkService user account. It has minimal privileges on the local computer and presents the computer's credentials to remote servers.
    • SID: S-1-5-20
    • Has its own profile under the HKEY_USERS registry key (HKEY_USERS\S-1-5-20)

  • LocalSystem (dangerous, don't use!) → (Admin + Network)

    A completely trusted account, more so than the administrator account. There is nothing on a single box that this account cannot do, and it has the right to access the network as the machine (this requires Active Directory and granting the machine account permissions to something).

    • Name: .\LocalSystem (can also use LocalSystem or ComputerName\LocalSystem)
    • The account has no password (any password information you provide is ignored)
    • SID: S-1-5-18
    • Does not have any profile of its own (HKCU represents the default user)
    • Has extensive privileges on the local computer and presents the computer's credentials to remote servers.
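
To see how these three accounts are actually used on a machine, the following PowerShell audit resolves the SIDs listed above and inventories which identity each installed service runs as. It is an added example, not part of the original post; the helper name Get-ServiceAccountClass is hypothetical.

```powershell
# Added example. Get-ServiceAccountClass is a hypothetical helper name.

# 1. Resolve the three well-known SIDs to the account names this machine reports.
'S-1-5-19', 'S-1-5-20', 'S-1-5-18' | ForEach-Object {
    $sid = [System.Security.Principal.SecurityIdentifier]::new($_)
    [pscustomobject]@{
        Sid     = $_
        Account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    }
} | Format-Table -AutoSize

# 2. Classify a service's "Log On As" value (Win32_Service.StartName).
#    switch -Regex is case-insensitive, so 'NT Authority\localservice' also matches.
function Get-ServiceAccountClass {
    param([string]$StartName)
    if ([string]::IsNullOrWhiteSpace($StartName)) { return 'Unset' }
    switch -Regex ($StartName) {
        '^(NT AUTHORITY\\)?Local ?Service$'               { return 'LocalService' }
        '^(NT AUTHORITY\\)?Network ?Service$'             { return 'NetworkService' }
        # Covers LocalSystem, .\LocalSystem and ComputerName\LocalSystem.
        '^([^\\]+\\)?LocalSystem$|^NT AUTHORITY\\SYSTEM$' { return 'LocalSystem' }
        default                                           { return 'Other account' }
    }
}

# 3. Inventory every installed service with its account class.
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, State, StartMode, StartName,
        @{ Name = 'AccountClass'; Expression = { Get-ServiceAccountClass $_.StartName } }

# Summary: how many services run under each class of account.
$services |
    Group-Object AccountClass |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# 4. Review list: auto-start services holding full LocalSystem rights.
$services |
    Where-Object { $_.AccountClass -eq 'LocalSystem' -and $_.StartMode -eq 'Auto' } |
    Sort-Object Name |
    Format-Table Name, State, StartName -AutoSize
```

Services on the review list that do not need full local rights are candidates for LocalService, or for NetworkService when they must authenticate to remote servers as the machine.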