NETWORK SERVICE, LOCAL SERVICE accounts

G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Hi All,

On the Windows Server 2003 Security Guide, there are recommendations about
the "User Rights Assignments"
There are some rights that recommend to configure to NETWORK SERVICE, LOCAL
SERVICE and "all NON-Operating System Service accounts"
I want to define these configuration using GPO, when I'm trying to add these
users to the GPO I can't find them (when I'm doing "Add User or Group" I see
my domain users and groups)
What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all NON-Operating
System Service accounts?
How do I add them to my GPO configuration?


Thanks,

Nir B
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

They referenced mainly to security credentials that control permissions
access to the underlying system, NTFS in particular.

They will be accessible if you access file / folder permissions via Win
Explorer for example.


"Nir B" wrote:

> Hi All,
>
> On the Windows Server 2003 Security Guide, there are recommendations about
> the "User Rights Assignments"
> There are some rights that recommend to configure to NETWORK SERVICE, LOCAL
> SERVICE and "all NON-Operating System Service accounts"
> I want to define these configuration using GPO, when I'm trying to add these
> users to the GPO I can't find them (when I'm doing "Add User or Group" I see
> my domain users and groups)
> What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all NON-Operating
> System Service accounts?
> How do I add them to my GPO configuration?
>
>
> Thanks,
>
> Nir B
>
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Local Service and Network Service are two built-in accounts
that were introduced with XP and W2k3.
Are you altering the GPOs using an uplevel machine or W2k?
The other term "non-OS service account" refers to accounts
that are not built-in to a standard install of the OS but which
have been configured for use as the context in which a service
is launched/run.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Nir B" <nir@icomverse.com> wrote in message
news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
> Hi All,
>
> On the Windows Server 2003 Security Guide, there are recommendations about
> the "User Rights Assignments"
> There are some rights that recommend to configure to NETWORK SERVICE,
LOCAL
> SERVICE and "all NON-Operating System Service accounts"
> I want to define these configuration using GPO, when I'm trying to add
these
> users to the GPO I can't find them (when I'm doing "Add User or Group" I
see
> my domain users and groups)
> What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all
NON-Operating
> System Service accounts?
> How do I add them to my GPO configuration?
>
>
> Thanks,
>
> Nir B
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

To add and clarify,

SERVICE (W2k, W2k3)
NETWORK (W2k, W2k3)

LOCAL SERVICE (XP, W2k3)
NETWORK SERVICE (XP, W2k3)


"Desmond Lee" wrote:

>
> They referenced mainly to security credentials that control permissions
> access to the underlying system, NTFS in particular.
>
> They will be accessible if you access file / folder permissions via Win
> Explorer for example.
>
>
> "Nir B" wrote:
>
> > Hi All,
> >
> > On the Windows Server 2003 Security Guide, there are recommendations about
> > the "User Rights Assignments"
> > There are some rights that recommend to configure to NETWORK SERVICE, LOCAL
> > SERVICE and "all NON-Operating System Service accounts"
> > I want to define these configuration using GPO, when I'm trying to add these
> > users to the GPO I can't find them (when I'm doing "Add User or Group" I see
> > my domain users and groups)
> > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all NON-Operating
> > System Service accounts?
> > How do I add them to my GPO configuration?
> >
> >
> > Thanks,
> >
> > Nir B
> >
> >
> >
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Thanks all for your responses.

Yes, I'm using uplevel machine (W2k3) and as I mention I can't add local
users (when I'm doing "Add User or Group" I see only my domain users and
groups and not the local users)
If I just do "Add User or Group" and instead of doing "Browse" I write
"NETWORK SERVICE" for example, is this OK?
How can I test this? (simulate NETWORK SERVICE foe example)

Thanks,

Nir B


"Roger Abell" <mvpNOSpam@asu.edu> wrote in message
news:#i0FB6f5EHA.1292@TK2MSFTNGP10.phx.gbl...
> Local Service and Network Service are two built-in accounts
> that were introduced with XP and W2k3.
> Are you altering the GPOs using an uplevel machine or W2k?
> The other term "non-OS service account" refers to accounts
> that are not built-in to a standard install of the OS but which
> have been configured for use as the context in which a service
> is launched/run.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Nir B" <nir@icomverse.com> wrote in message
> news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
> > Hi All,
> >
> > On the Windows Server 2003 Security Guide, there are recommendations
about
> > the "User Rights Assignments"
> > There are some rights that recommend to configure to NETWORK SERVICE,
> LOCAL
> > SERVICE and "all NON-Operating System Service accounts"
> > I want to define these configuration using GPO, when I'm trying to add
> these
> > users to the GPO I can't find them (when I'm doing "Add User or Group" I
> see
> > my domain users and groups)
> > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all
> NON-Operating
> > System Service accounts?
> > How do I add them to my GPO configuration?
> >
> >
> > Thanks,
> >
> > Nir B
> >
> >
>
>
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

Are you sure you are trying to manage the GPO settings
when logged into an XP or W2k3 machine, and that when
adding in the object picker you have check to select from
Built-in security principals ?
If so, they should be there to select. Keep in mind that
Local Service and Network Service are not that same as
the pseudo-groups named Service and Network in the user
interface.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"Nir B" <nir@icomverse.com> wrote in message
news:%23uRmGrM6EHA.540@TK2MSFTNGP12.phx.gbl...
> Thanks all for your responses.
>
> Yes, I'm using uplevel machine (W2k3) and as I mention I can't add local
> users (when I'm doing "Add User or Group" I see only my domain users and
> groups and not the local users)
> If I just do "Add User or Group" and instead of doing "Browse" I write
> "NETWORK SERVICE" for example, is this OK?
> How can I test this? (simulate NETWORK SERVICE foe example)
>
> Thanks,
>
> Nir B
>
>
> "Roger Abell" <mvpNOSpam@asu.edu> wrote in message
> news:#i0FB6f5EHA.1292@TK2MSFTNGP10.phx.gbl...
> > Local Service and Network Service are two built-in accounts
> > that were introduced with XP and W2k3.
> > Are you altering the GPOs using an uplevel machine or W2k?
> > The other term "non-OS service account" refers to accounts
> > that are not built-in to a standard install of the OS but which
> > have been configured for use as the context in which a service
> > is launched/run.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> > MCSE (W2k3,W2k,Nt4) MCDBA
> > "Nir B" <nir@icomverse.com> wrote in message
> > news:OT3c%232d5EHA.2664@TK2MSFTNGP10.phx.gbl...
> > > Hi All,
> > >
> > > On the Windows Server 2003 Security Guide, there are recommendations
> about
> > > the "User Rights Assignments"
> > > There are some rights that recommend to configure to NETWORK SERVICE,
> > LOCAL
> > > SERVICE and "all NON-Operating System Service accounts"
> > > I want to define these configuration using GPO, when I'm trying to add
> > these
> > > users to the GPO I can't find them (when I'm doing "Add User or Group"
I
> > see
> > > my domain users and groups)
> > > What is the meaning of NETWORK SERVICE, LOCAL SERVICE and all
> > NON-Operating
> > > System Service accounts?
> > > How do I add them to my GPO configuration?
> > >
> > >
> > > Thanks,
> > >
> > > Nir B
> > >
> > >
> >
> >
>
>