Question about Windows services accounts

[PhilipDaniels]

In MSDN, for the description of the ServiceAccount enumeration it has
the following:


LocalService: An account that acts as a non-privileged user on the
local computer, and presents anonymous credentials to any remote
server.

NetworkService: An account that provides extensive local privileges,
and presents the computer's credentials to any remote server.


What is the meaning/implication of the 2 phrases "presents .... to any
remote server".

 

[Henning Krause [MVP - Exchange]]

Hello,

When you are running a windows service and remotely access a resource (say,
a database server) with integrated authentication, the local service account
will connect as Anonymous, whereas the NetworkService connects to the
database with the computer account.

Best regards,
Henning Krause

 

[PhilipDaniels]

Hello,

When you are running a windows service and remotely access a resource (say,
a database server) with integrated authentication, the local service account
will connect as Anonymous, whereas the NetworkService connects to the
database with the computer account.

Best regards,
Henning Krause

Thanks Henning, your post made me aware that these were user accounts.
It turns out that there are several special types of account (aka
"built-in security principals") which are used for this and other
purposes. They don't show up in the Computer Management snap-in but
you can see them from the "Security" tab for folder permissions in
Explorer.

I found this paper here if anybody is interested:

http://www.microsoft.com/technet/security/guidance/serversecurity/serviceaccount/default.mspx