16 November, 2010

Service Account

When a service starts, it authenticates as its logon account and has the same rights to resources as that account.

This means that a service running under the SYSTEM account has all the rights and permissions (privileges) that SYSTEM has when accessing a resource.

A service can run under the following types of accounts:

1. SYSTEM
2. Local Service
3. Network Service
4. Service Account

SYSTEM
- Full access to the computer
- Can access network resources with rights of the computer account
- On a domain controller, this account has access to the entire domain

Local Service
- Same level of access as the built-in user account
- Has limited rights
- Access to network resources is performed as a null session (anonymous)

Network Service
- Same access to local resources as the Local Service account
- For network resources, the permissions of the computer account determine which resources can be accessed

Service Account
- Can be created by an application or manually
- Creating a service account manually involves creating a user account and then registering an SPN with that user account
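
To see which of the four account types each service on a machine logs on as, the added PowerShell example below (not part of the original post) classifies services by the `StartName` property of `Win32_Service`. The function name `Get-ServiceLogonClass`, the class labels and the sample rows are assumptions made for this example; call it without `-Service` to audit the local machine.

```powershell
# Added example: classify services by the account they log on as.
# StartName is the Win32_Service property that holds the logon account.
function Get-ServiceLogonClass {
    param(
        # Any objects exposing Name and StartName; defaults to the local services.
        [object[]]$Service = (Get-CimInstance -ClassName Win32_Service)
    )
    foreach ($svc in $Service) {
        $account = [string]$svc.StartName   # null StartName becomes ''
        # -Regex matching is case-insensitive, so 'NT Authority\...' also matches.
        $class = switch -Regex ($account) {
            '^(LocalSystem|NT AUTHORITY\\SYSTEM)$' { 'SYSTEM'; break }
            '^NT AUTHORITY\\Local ?Service$'       { 'Local Service'; break }
            '^NT AUTHORITY\\Network ?Service$'     { 'Network Service'; break }
            '^$'                                   { 'Unset'; break }
            default                                { 'Service Account' }
        }
        [pscustomobject]@{ Name = $svc.Name; Account = $account; Class = $class }
    }
}

# Constructed sample rows (not a real inventory) so the logic can be checked offline.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleSpooler'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleTime';    StartName = 'NT AUTHORITY\LocalService' }
    [pscustomobject]@{ Name = 'ExampleDns';     StartName = 'NT Authority\NetworkService' }
    [pscustomobject]@{ Name = 'ExampleSql';     StartName = 'EXAMPLE\svc-sql' }
    [pscustomobject]@{ Name = 'ExampleDriver';  StartName = $null }
)

$report = Get-ServiceLogonClass -Service $sample

# How many services run under each account type.
$report | Group-Object Class | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize

# SYSTEM has full access to the computer, so review these services first.
$report | Where-Object Class -eq 'SYSTEM' | Format-Table Name, Account -AutoSize
```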