Security and NT Services

The LocalSystem account (.\System)
- Inherits the security context of the SCM
  - Can open HKEY_LOCAL_MACHINE\SECURITY
- No credentials
  - Must connect to network resources using a NULL session
  - The LanmanServer\Parameters key contails the NullSessionPipes and NullSessionShares keys, which control things to which null sessions can connect
  - Cannot share objects with other applications, if they were opened using a non-NULL DACL
  - Cannot open HKEY_CURRENT_USER
Running as a user account
- When user changes password, service can no longer log on
- Has user rights and credentials
- User needs to be able to "log on as a service" (see advanced rights in User Manager)
- For impersonation, it also needs:
  - Act as part of the operating system (TCB: Trusted Computer Base, not kernel mode)
  - Replace a process-level token
  - Increase quotas
- This opens various security holes: the user account will be able to do things an ordinary account could not do
Interacting with the desktop
- Can provide a way for a user to stop a service
  - pcAnywhere
  - McAffee
- Not generally that great an idea for server processes
  - There may not be a desktop
  - Better to have a control panel interface, or a client
- Nice for notifications, sometimes
  - Can pop up a message box even when nobody is logged in
  - Gets your attention better than the event log

Back to the main Services T3 Page
Back (What is the Life of an NT Service Like?)	Next (The Service Control Manager)

This page is maintained by Peyton Engel.
Last modified 24 May 1999