NETWORK SERVICE, LOCAL SERVICE accounts

Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,

On the Windows Server 2003 Security Guide, there are recommendations about
the "User Rights Assignments"
There are some rights that recommend to configure to NETWORK SERVICE, LOCAL
SERVICE and "all NON-Operating System Service accounts"
I want to define these configuration using GPO, when I'm trying to add these
users to the GPO I can't find them (when I'm doing "Add User or Group" I see
my domain users and groups)
What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all NON-Operating
System Service accounts?
How do I add them to my GPO configuration?


Thanks,

Nir B
5 answers Last reply
More about network service local service accounts
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    They referenced mainly to security credentials that control permissions
    access to the underlying system, NTFS in particular.

    They will be accessible if you access file / folder permissions via Win
    Explorer for example.


    "Nir B" wrote:

    > Hi All,
    >
    > On the Windows Server 2003 Security Guide, there are recommendations about
    > the "User Rights Assignments"
    > There are some rights that recommend to configure to NETWORK SERVICE, LOCAL
    > SERVICE and "all NON-Operating System Service accounts"
    > I want to define these configuration using GPO, when I'm trying to add these
    > users to the GPO I can't find them (when I'm doing "Add User or Group" I see
    > my domain users and groups)
    > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all NON-Operating
    > System Service accounts?
    > How do I add them to my GPO configuration?
    >
    >
    > Thanks,
    >
    > Nir B
    >
    >
    >
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Local Service and Network Service are two built-in accounts
    that were introduced with XP and W2k3.
    Are you altering the GPOs using an uplevel machine or W2k?
    The other term "non-OS service account" refers to accounts
    that are not built-in to a standard install of the OS but which
    have been configured for use as the context in which a service
    is launched/run.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Nir B" <nir@icomverse.com> wrote in message
    news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
    > Hi All,
    >
    > On the Windows Server 2003 Security Guide, there are recommendations about
    > the "User Rights Assignments"
    > There are some rights that recommend to configure to NETWORK SERVICE,
    LOCAL
    > SERVICE and "all NON-Operating System Service accounts"
    > I want to define these configuration using GPO, when I'm trying to add
    these
    > users to the GPO I can't find them (when I'm doing "Add User or Group" I
    see
    > my domain users and groups)
    > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all
    NON-Operating
    > System Service accounts?
    > How do I add them to my GPO configuration?
    >
    >
    > Thanks,
    >
    > Nir B
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    To add and clarify,

    SERVICE (W2k, W2k3)
    NETWORK (W2k, W2k3)

    LOCAL SERVICE (XP, W2k3)
    NETWORK SERVICE (XP, W2k3)


    "Desmond Lee" wrote:

    >
    > They referenced mainly to security credentials that control permissions
    > access to the underlying system, NTFS in particular.
    >
    > They will be accessible if you access file / folder permissions via Win
    > Explorer for example.
    >
    >
    > "Nir B" wrote:
    >
    > > Hi All,
    > >
    > > On the Windows Server 2003 Security Guide, there are recommendations about
    > > the "User Rights Assignments"
    > > There are some rights that recommend to configure to NETWORK SERVICE, LOCAL
    > > SERVICE and "all NON-Operating System Service accounts"
    > > I want to define these configuration using GPO, when I'm trying to add these
    > > users to the GPO I can't find them (when I'm doing "Add User or Group" I see
    > > my domain users and groups)
    > > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all NON-Operating
    > > System Service accounts?
    > > How do I add them to my GPO configuration?
    > >
    > >
    > > Thanks,
    > >
    > > Nir B
    > >
    > >
    > >
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks all for your responses.

    Yes, I'm using uplevel machine (W2k3) and as I mention I can't add local
    users (when I'm doing "Add User or Group" I see only my domain users and
    groups and not the local users)
    If I just do "Add User or Group" and instead of doing "Browse" I write
    "NETWORK SERVICE" for example, is this OK?
    How can I test this? (simulate NETWORK SERVICE foe example)

    Thanks,

    Nir B


    "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    news:#i0FB6f5EHA.1292@TK2MSFTNGP10.phx.gbl...
    > Local Service and Network Service are two built-in accounts
    > that were introduced with XP and W2k3.
    > Are you altering the GPOs using an uplevel machine or W2k?
    > The other term "non-OS service account" refers to accounts
    > that are not built-in to a standard install of the OS but which
    > have been configured for use as the context in which a service
    > is launched/run.
    >
    > --
    > Roger Abell
    > Microsoft MVP (Windows Security)
    > MCSE (W2k3,W2k,Nt4) MCDBA
    > "Nir B" <nir@icomverse.com> wrote in message
    > news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
    > > Hi All,
    > >
    > > On the Windows Server 2003 Security Guide, there are recommendations
    about
    > > the "User Rights Assignments"
    > > There are some rights that recommend to configure to NETWORK SERVICE,
    > LOCAL
    > > SERVICE and "all NON-Operating System Service accounts"
    > > I want to define these configuration using GPO, when I'm trying to add
    > these
    > > users to the GPO I can't find them (when I'm doing "Add User or Group" I
    > see
    > > my domain users and groups)
    > > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all
    > NON-Operating
    > > System Service accounts?
    > > How do I add them to my GPO configuration?
    > >
    > >
    > > Thanks,
    > >
    > > Nir B
    > >
    > >
    >
    >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    Are you sure you are trying to manage the GPO settings
    when logged into an XP or W2k3 machine, and that when
    adding in the object picker you have check to select from
    Built-in security principals ?
    If so, they should be there to select. Keep in mind that
    Local Service and Network Service are not that same as
    the pseudo-groups named Service and Network in the user
    interface.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "Nir B" <nir@icomverse.com> wrote in message
    news:%23uRmGrM6EHA.540@TK2MSFTNGP12.phx.gbl...
    > Thanks all for your responses.
    >
    > Yes, I'm using uplevel machine (W2k3) and as I mention I can't add local
    > users (when I'm doing "Add User or Group" I see only my domain users and
    > groups and not the local users)
    > If I just do "Add User or Group" and instead of doing "Browse" I write
    > "NETWORK SERVICE" for example, is this OK?
    > How can I test this? (simulate NETWORK SERVICE foe example)
    >
    > Thanks,
    >
    > Nir B
    >
    >
    > "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
    > news:#i0FB6f5EHA.1292@TK2MSFTNGP10.phx.gbl...
    > > Local Service and Network Service are two built-in accounts
    > > that were introduced with XP and W2k3.
    > > Are you altering the GPOs using an uplevel machine or W2k?
    > > The other term "non-OS service account" refers to accounts
    > > that are not built-in to a standard install of the OS but which
    > > have been configured for use as the context in which a service
    > > is launched/run.
    > >
    > > --
    > > Roger Abell
    > > Microsoft MVP (Windows Security)
    > > MCSE (W2k3,W2k,Nt4) MCDBA
    > > "Nir B" <nir@icomverse.com> wrote in message
    > > news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
    > > > Hi All,
    > > >
    > > > On the Windows Server 2003 Security Guide, there are recommendations
    > about
    > > > the "User Rights Assignments"
    > > > There are some rights that recommend to configure to NETWORK SERVICE,
    > > LOCAL
    > > > SERVICE and "all NON-Operating System Service accounts"
    > > > I want to define these configuration using GPO, when I'm trying to add
    > > these
    > > > users to the GPO I can't find them (when I'm doing "Add User or Group"
    I
    > > see
    > > > my domain users and groups)
    > > > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all
    > > NON-Operating
    > > > System Service accounts?
    > > > How do I add them to my GPO configuration?
    > > >
    > > >
    > > > Thanks,
    > > >
    > > > Nir B
    > > >
    > > >
    > >
    > >
    >
    >
Ask a new question

Read More

Windows Server 2003 Configuration Security Windows