Is the SYSTEM account always allowed to do anything?

Guest
Archived from groups: microsoft.public.windowsxp.security_admin

Hello.

Is a process running under NT-authority\SYSTEM account allowed to do
anything, or can I restrict even processes that run as SYSTEM -
especially with regard to user-privileges?

hope someone can shed light on this,
thanks in adv,
Martin
 
Guest

Essentially, the NT-authority\SYSTEM account is allowed to do any and
everything as Windows is shipped and after any of the flavors of what is
considered a "normal" type of install (standard manual install, slipstreamed,
or unattended, plus others...). But, it is possible to change that, though
you have to go out of your way to do so and know how to.
If you haven't tried to limit it, then as mentioned above, it is very much
like the "god" account... whatever it wants, it does.

Rather than try to arm you with a little bit of knowledge to "go forth and
disable the SYSTEM account" - not a good idea! - please tell us what the
specific process/application is that has you concerned: there is a fair
chance you have a malware of some type rather than a real issue (some kind of
parasite that is masquerading as a legitimate OS component that somehow
ensnared the NT-authority\SYSTEM account privileges).
Do a Google search on the exact name of the process and see what you get.

Let us know what you get.



"Martin T." wrote:

> Hello.
>
> Is a process running under NT-authority\SYSTEM account allowed to do
> anything, or can I restrict even processes that run as SYSTEM -
> especially with regard to user-privileges?
>
> hope someone can shed light on this,
> thanks in adv,
> Martin
>
>
 
Guest

Danor (donotspam) wrote:
> Essentially, the NT-authority\SYSTEM account is allowed to do any and
> everything
> [...]

Thanks for the Info.


> Rather than try to arm you with a little bit of knowledge to "go forth and
> disable the SYSTEM account" - not a good idea! - please tell us what the
> specific process/application is that has you concerned: there is a fair
> chance you have a malware of some type rather than a real issue
> [...]

Actually it was more of a general question, because one can give rights
to the SYSTEM account in many settings, but as far as I could see it
could do anything anyway.

The specific problem I was having is that I want to disable
SetSystemTime for _all_ users. Since many services run as SYSTEM
though, it does not seem that I will succeed in preventing some obscure
service from changing the system time and thus breaking something, since
our system relies upon the fact that the system-time does not change.

mfG,
Martin
 
Guest

I myself am experimenting with the time services in XP and consider myself
far less knowledgeable about that than to try and advise you on any specifics.

But.. I have run across an interesting Site:
http://www.analogX.com/
A programmer who is also into making his own music has lots of neat stuff
there.
One of them is a little program he calls AtomicClock. What it does is to
allow you to sync your PC to _ANY_ NTP time server on the wwweb in a very
simple interface.
Another neat aspect of his little program is that it allows one of your PCs
in a workgroup/LAN to further act as a TimeServer for the network. Pretty
neat stuff that might be able to assist you, because...
The way it works is that once you Synchronize your clock you can then check
in on it every so often and it will tell you what the sync'd time is and what
YOUR time is and the difference (in seconds). This might help clue you in if
some other influence is affecting your system clock, as you mentioned was a
concern.

This little prog won't tell you what it is, but if you let it run for say a
month and it remains sync'd... you may not have anything to worry about.
Could be an effective litmus test tool for you.

Good luck!


"Martin T." wrote:

> Danor (donotspam) wrote:
> > Essentially, the NT-authority\SYSTEM account is allowed to do any and
> > everything
> > [...]
>
> Thanks for the Info.
>
> > Rather than try to arm you with a little bit of knowledge to "go forth and
> > disable the SYSTEM account" - not a good idea! - please tell us what the
> > specific process/application is that has you concerned: there is a fair
> > chance you have a malware of some type rather than a real issue
> > [...]
>
> Actually it was more of a general question, because one can give rights
> to the SYSTEM account in many settings, but as far as I could see it
> could do anything anyway.
>
> The specific problem I was having is that I want to disable
> SetSystemTime for _all_ users. Since many services run as SYSTEM
> though, it does not seem that I will succeed in preventing some obscure
> service from changing the system time and thus breaking something, since
> our system relies upon the fact that the system-time does not change.
>
> mfG,
> Martin
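
An added example, not part of the thread or any poster's code: the "litmus test" idea above (notice when something changes the system time) can also be done locally by comparing the wall clock with the monotonic clock, which setting the system time does not move. `WallClockWatch`, `replay`, the 0.5-second tolerance and the sample values are assumptions made for illustration.

```python
import time
from typing import Callable, Iterable, List, Optional, Tuple


class WallClockWatch:
    """Reports when the wall clock moves differently from the monotonic clock."""

    def __init__(self, wall: Callable[[], float] = time.time,
                 mono: Callable[[], float] = time.monotonic,
                 tolerance: float = 0.5) -> None:  # tolerance is an assumed value
        self._wall, self._mono, self.tolerance = wall, mono, tolerance
        self._base_wall, self._base_mono = wall(), mono()

    def poll(self) -> Optional[float]:
        """Return the step in seconds (+ forward, - backward), or None if in step."""
        now_wall, now_mono = self._wall(), self._mono()
        offset = (now_wall - self._base_wall) - (now_mono - self._base_mono)
        if abs(offset) <= self.tolerance:
            return None
        # Re-baseline so one change is reported once, not on every later poll.
        self._base_wall, self._base_mono = now_wall, now_mono
        return offset


def replay(samples: Iterable[Tuple[float, float]],
           tolerance: float = 0.5) -> List[Tuple[float, float]]:
    """Run the watch over recorded (monotonic, wall) pairs; return (monotonic, step)."""
    it = iter(samples)
    current = [next(it)]  # first pair becomes the baseline
    watch = WallClockWatch(wall=lambda: current[0][1],
                           mono=lambda: current[0][0], tolerance=tolerance)
    found = []
    for sample in it:
        current[0] = sample
        step = watch.poll()
        if step is not None:
            found.append((sample[0], round(step, 3)))
    return found


# Constructed samples: (monotonic seconds, wall-clock epoch seconds).
SAMPLES = [
    (0.0, 1_000_000.0),
    (60.0, 1_000_060.0),    # in step
    (120.0, 1_003_720.0),   # wall clock set forward one hour
    (180.0, 1_003_780.0),   # in step again after re-baseline
    (240.0, 1_003_810.0),   # wall clock set back 30 seconds
]

if __name__ == "__main__":
    for mono_ts, step in replay(SAMPLES):
        print(f"t+{mono_ts:.0f}s: wall clock stepped {step:+.1f}s")
```

This reports that the time changed and by how much; it does not identify which process or account made the change.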
 
Guest

Danor (donotspam) wrote:
> But.. I have run across an interesting Site:
> http://www.analogX.com/
> A programmer who is also into making his own music has lots of neat stuff
> there.
> One of them is a little program he calls AtomicClock. What it does is to
> allow you to sync your PC to _ANY_ NTP time server on the wwweb in a very
> simple interface.
> [...]

Thanks.
I'll take a look.

mfG, Martin