SCCM and some Windows management tools make use of Windows SYSTEM account mentioned above.
Is it considered an interactive or non-interactive account since it has no user profile (unlike administrator)?
Can we set a password to SYSTEM ? Or it has an unknown password?
When using the tools (possibly psexec & SCCM) to get to command prompt of the managed endpoint,
are the activities (ie when the command prompt is spawned, mappings of drive using 'net use ...' or
sharing of drive using 'net share ...' being logged in Windows event viewer logs ?