What rights on a machine does an account have when logging on as a service?

Discussion in 'Windows Networking' started by Spin, Mar 16, 2008.

  1. Spin

    Spin Guest

    Gurus,

    System services usually run under the Local System account or Network
    Security account. When you make an account run as a domain user account,
    i.e a Domain Admin account, what additional rights does it give that box on
    the local machine? I know it gives it the right to logon as a service.
    Anything else?
     
    Spin, Mar 16, 2008
    #1
    1. Advertisements

  2. Im not sure if I really understand what you want to know.

    But, all Domain Admins accounts are Local Admins for every computer joined
    to the domain.
     
    Augusto Alvarez, Mar 16, 2008
    #2
    1. Advertisements

  3. Spin

    Spin Guest

    That isn't what I asked. Thx for taking a stab though.
     
    Spin, Mar 16, 2008
    #3
  4. Spin

    kj [SBS MVP] Guest

    Open the localmachine sercurity policy, expand the computer configuration,
    security settings, local policies, user rights assignments....

    then look for the rights and accounts of interest.
     
    kj [SBS MVP], Mar 16, 2008
    #4
  5. Spin

    lforbes Guest

    It depends.

    Domain Admins group is added to the Local Administrators group on the
    machine. Therefore it has access to everything as does a Local Admin.

    Domain Users are added to the local Users group on the machine so therefore
    it has the same access as a local user. I restrict my local users even
    further than MS does by default by setting NTFS permissions.

    Cheers,
    Lara
     
    lforbes, Mar 16, 2008
    #5
  6. It shouldn't give you any additional rights. A user account (Domain or
    local) needs to be assigned the right to log on as a service to run but you
    have to assign that right it never has any additional rights provided to it
    because it runs as a service.

    --
    Paul Bergson
    MVP - Directory Services
    MCT, MCSE, MCSA, Security+, BS CSci
    2008, 2003, 2000 (Early Achiever), NT4

    http://www.pbbergs.com

    Please no e-mails, any questions should be posted in the NewsGroup
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Paul Bergson [MVP-DS], Mar 17, 2008
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.