LocalSystem vs. System vs. Local System Windows system accounts

asp.net sql-server windows networking system

23,020

Here is the same question answered https://serverfault.com/questions/168752/windows-localsystem-vs-system

23,020

Author by

Gennady Vanin Геннадий Ванин

Business Analyst, ex- programmer, biz analyst, Q&A developer in Test, chemical cybernetics engineer, scientist, US patent attorney, translator, tourist guide, traveller, parachuter, tennis player, futebolista, military officer etc.

Updated on August 11, 2020

Comments

Gennady Vanin Геннадий Ванин almost 4 years

I am completely confused by MS docs on Windows built-in accounts.

SQL Server 2008 R2 online docs "Setting Up Windows Service Accounts" tells

"Local System is a very high-privileged built-in account. It has extensive privileges on the local system and acts as the computer on the network. The actual name of the account is "NT AUTHORITY\SYSTEM".

while MSDN article "LocalSystem Account", see the link in comments, dated by 8/5/2010, tells:

The LocalSystem account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function. It has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITY\SYSTEM and BUILTIN\Administrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .\LocalSystem. The name, LocalSystem or ComputerName\LocalSystem can also be used. This account does not have a password. If you specify the LocalSystem account in a call to the CreateService function, any password information you provide is ignored

Now, looking on my Windows XP Pro SP3 (part of workgroup) with installed MS SQL Server 2008 R2 x86 Trial (Developer Preview) into available accounts:

Windows Explorer dir right-Click --> Properties --> Security tab --> btn "Add..." --> btn "Advanced..." --> btn "Find Now..."

reveals that Windows XP has neither "NT Authority\SYSTEM", nor "Local System", nor LocalSystem but has only SYSTEM account.

How should I understand and read MS docs? One article after another contradicting each another and having nothing in common with observed reality

----------

Edit1:

Oops, I cannot even continue discussion and edit my post recieving: "new users can only post a maximum of one hyperlink. Earn 10 reputation to post more hyperlinks".

Though I am not a new user and points are never being added to my account upon answering, posting, etc., as described in FAQ!