Solved

NT system generated accounts

Posted on 2010-08-24
Last Modified: 2013-12-04
Hey guys,
This is more of just a question, rather than a request for a solution. I was told when a Windows NT pc or server is built, a system account is automatically created. I was also told that this system account has no password, and uses an anonymous logon.

Can someone shed some light on this? Help me understand these statements... is this truly the case? Thanks guys.
Question by:isaacr25
10 Comments
 
LVL 30

Accepted Solution

by:
Rich Weissler earned 1000 total points
ID: 33511011
> a system account is automatically created.
Yes
http://support.microsoft.com/kb/120929
"The system account and the administrator account (Administrators group) have the same file privileges, but they have different functions. The system account is used by the operating system and by services that run under Windows. There are many services and processes within Windows that need the capability to log on internally (for example during a Windows installation). The system account was designed for that purpose; it is an internal account, does not show up in User Manager, cannot be added to any groups, and cannot have user rights assigned to it. On the other hand, the system account does show up on an NTFS volume in File Manager in the Permissions portion of the Security menu. By default, the system account is granted full control to all files on an NTFS volume. Here the system account has the same functional privileges as the administrator account. "

> this system account has no password,
Yes
http://msdn.microsoft.com/en-us/library/ms684190%28VS.85%29.aspx
"The name of the account in all locales is .\LocalSystem. The name, LocalSystem or ComputerName\LocalSystem can also be used. This account does not have a password. "

> uses an anonymous logon.
Not really - It's using its own special type of logon.  *worry*  Does that help?

0
 

Author Comment

by:isaacr25
ID: 33512282
Very helpful. Does this pose any security issues? If not, how are the security risks mitigated?
0
 
LVL 30

Assisted Solution

by:Rich Weissler
Rich Weissler earned 1000 total points
ID: 33512398
Yes, it does pose some security concerns, but programs have to run under some security context... so in some ways it's a protected account.  (I haven't looked at a *nix system in a while, but I believe the roughly equivalent concept would be the daemon accounts used to run services that also don't have real passwords, so they can't be used to log in...)

The system account can't be used to log into a system, and you usually need elevated privileges to run a program under system account permissions.  It's one of the targets for hackers, so when something is discovered that does allow access, the update to close that hole is usually forthcoming as a critical security patch...
0
 
LVL 3

Assisted Solution

by:Emileneth
Emileneth earned 1000 total points
ID: 33524740
-System is the default for automated applications that need to run with high privilege all the time, like the Windows Installer service
-System is not accessible for "outside" login
-This account doesn't need a password, pre-authorized via privileged install
-Cannot have personal profile folders, can use the All folders and drives

-Local Service and Network Service accounts are similar but don't work with privileges, useful for already installed services like Apache that once installed don't need privileges anymore
-Local Service is intended to be accessed only from the local host in a client-server model
-Network Service is intended to be accessed from anywhere in a client-server model
-These accounts don't need passwords, pre-authorized via privileged install
-Have their special "Documents and Settings" to store their stuff like any low priv. user

-Sadly this security model is not used properly by MS or 3rd parties

-Hackers aim for Administrator, or exploit some insecure buffer in any process running at a high level, to get Administrator ultimately

* Only console accounts can run processes with windows
0
 
LVL 3

Assisted Solution

by:Emileneth
Emileneth earned 1000 total points
ID: 33524930
In last post

About console accounts
Do not get confused with "console apps". Windows is a GUI OS; a console account is one with access to the GUI. Even Windows Terminal Services are graphical.
Services are windowless and work similarly to "win32 console apps", in which case any attempt to interact with the UI via a hacked service is denied; usually trojans drop a Windows app for this purpose.
0
 

Author Comment

by:isaacr25
ID: 33525004
Great info guys!

Another question: would any activity by these system accounts have the same event id as an actual person logging onto his/her pc, for instance?
0
 
LVL 3

Expert Comment

by:Emileneth
ID: 33525048
Generally events are raised by applications, but the "Auditory" service drops the same event id with the user as parameter
0
 
LVL 3

Expert Comment

by:Emileneth
ID: 33525082
Too bad that parameter is optional
0
 
LVL 3

Expert Comment

by:Emileneth
ID: 33535567
Seems like the last post was not accurate

The instance you pointed
Security events register login attempts the same way as other accounts

What I meant in the last posts was that events are raised by applications or services; Windows components treat the accounts the same way. Other kinds of activities need to be logged by the applications, and most of them are not programmed to log them.

Windows security logging can be configured, but is outside of this subject
0
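Added example, not part of any poster's reply: because logons by the built-in accounts share an event ID with user logons, triage has to key on the fields inside the event. The sketch below classifies logon events by well-known SID and logon type; it assumes event ID 4624 as exported XML (Windows Vista/Server 2008 and later; NT through Server 2003 logged 528/540 instead), and the sample events and user SID are constructed.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Well-known SIDs of the built-in accounts discussed in this thread.
BUILTIN_SIDS = {"S-1-5-18": "LocalSystem", "S-1-5-19": "LocalService",
                "S-1-5-20": "NetworkService", "S-1-5-7": "AnonymousLogon"}
# Logon types produced by a person at the console or over Remote Desktop.
HUMAN_LOGON_TYPES = {2, 7, 10, 11}  # Interactive, Unlock, RemoteInteractive, Cached

def classify(event_xml):
    """Return (event_id, account, logon_type, category) for one logon event."""
    root = ET.fromstring(event_xml)
    event_id = int(root.findtext("e:System/e:EventID", namespaces=NS))
    data = {d.get("Name"): (d.text or "")
            for d in root.iterfind("e:EventData/e:Data", NS)}
    sid = data.get("TargetUserSid", "")
    logon_type = int(data.get("LogonType") or 0)
    if sid in BUILTIN_SIDS:                      # SID is locale-independent
        return event_id, BUILTIN_SIDS[sid], logon_type, "builtin"
    category = "human" if logon_type in HUMAN_LOGON_TYPES else "other"
    return event_id, data.get("TargetUserName", "?"), logon_type, category

def summarize(events):
    """Count events per (account, category) across a batch of event XML."""
    return Counter((acct, cat) for _, acct, _, cat in map(classify, events))

def _event(sid, name, logon_type):
    """Build a constructed, minimal 4624 record (real ones carry more fields)."""
    return ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
            "<System><EventID>4624</EventID></System><EventData>"
            f'<Data Name="TargetUserSid">{sid}</Data>'
            f'<Data Name="TargetUserName">{name}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data>'
            "</EventData></Event>")

USER_SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"  # constructed
SAMPLE = [
    _event("S-1-5-18", "SYSTEM", 5),            # service start as LocalSystem
    _event(USER_SID, "alice", 2),               # person at the keyboard
    _event("S-1-5-20", "NETWORK SERVICE", 5),
    _event("S-1-5-7", "ANONYMOUS LOGON", 3),    # null-session network logon
    _event(USER_SID, "alice", 3),               # same user, file-share access
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(classify(row))
    print(summarize(SAMPLE))
```

Matching on the SID rather than the account name keeps the check valid on localized Windows builds, where the display name of the account differs.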
 

Author Closing Comment

by:isaacr25
ID: 33535978
Thanks guys! Great info!
0
