16 November, 2010

Service Account

When a Service starts, It authenticates as the logon account and has the same rights to the resource as the logon account

It means, that if a service is running with a SYSTEM account, then this service will have all the rights and permissions (privileges) that a SYSTEM has while accessing the resource

A Service can run by the following types of Accounts

2. Local Service
3. Network Service
4 Service Account

- Full access to the computer
- Can access network resources with rights of the computer account
- On a domain controller, this account has access to the entire domain

Local Service
- Same level of access as the built in user account
- Has limited rights
- Access to network resource is performed as a Null Session (Anonymous)

Network Service
- Same access to local resource as that of Local Service Account
- For accessing network resource, the permission of the computer account determines which resource can be accessed

Service Account
- Can be created by an application or manually
- Creating a service account manually involves creating a user account and then registering a SPN with that user account