Network/Local Services Accounts?

For system help, all hardware / software topics NOTE: use Coders Corner for all coders topics.

Moderators: Krom, Grendel

Post Reply
User avatar
Tyranny
DBB Defender
DBB Defender
Posts: 3399
Joined: Sun Nov 10, 2002 3:01 am
Location: Phoenix, Arizona

Network/Local Services Accounts?

Post by Tyranny »

I noticed two new folders in my Documents and Settings dir while looking in Ad-Aware that aren't visible in Windows even though "show hidden files and folders" is ON.

One is called LocalService and the other NetworkService. Doing a search I come up with..
LocalService Account

The LocalService account is a predefined local account. It has minimum privileges on the local computer and presents anonymous credentials on the network. The name of the account in all locales is NT AUTHORITY\LocalService. This account does not have a password. If you specify the LocalService account in a call to the CreateService function, any password information you supply is ignored.

The user SID is created from the SECURITY_LOCAL_SERVICE_RID value.

The LocalService account has its own subkey under the HKEY_USERS registry key. Therefore, the HKEY_CURRENT_USER registry key is associated with the LocalService account.

The LocalService account has the following privileges:

* SE_AUDIT_NAME
* SE_CHANGE_NOTIFY_NAME
* SE_UNDOCK_NAME
* Any privileges assigned to users and authenticated users


Windows 2000 and Windows NT: This account is not supported.
and...
The NetworkService account is a predefined local account. It has minimum privileges on the local computer and acts as the computer on the network. The name of the account in all locales is NT AUTHORITY\NetworkService. This account does not have a password. If you specify the NetworkService account in a call to the CreateService function, any password information you supply is ignored.

A service that runs in the context of the NetworkService account presents the computer's credentials to remote servers. By default, the remote token contains SIDs for the Everyone and Authenticated Users groups. The user SID is created from the SECURITY_NETWORK_SERVICE_RID value.

The NetworkService account has its own subkey under the HKEY_USERS registry key. Therefore, the HKEY_CURRENT_USER registry key is associated with the NetworkService account.

The NetworkService account has the following privileges:

* SE_AUDIT_NAME
* SE_CHANGE_NOTIFY_NAME
* SE_UNDOCK_NAME
* Any privileges assigned to users and authenticated users


Windows 2000 and Windows NT: This account is not supported.
I don't remember ever seeing either one of these while doing a spyware scan before. On top of that I had some online scan on a website report that spyware or virii were detected in one of them, but Ad-aware comes up with nothing when scanning them and Norton AV doesn't even see the directories to be able to scan them.

Personally, I thought that the online scan was BS, but it does have me a little concerned. I can't log into these accounts at all even though there are no passwords specified for them. My question is, what can I do to make them visible to Norton so I can scan them and make sure they're clean of virii? and are they really necessary to have in the Documents and Settings folder as I don't recall them ever being there before?
User avatar
CDN_Merlin
DBB_Master
DBB_Master
Posts: 9781
Joined: Thu Nov 05, 1998 12:01 pm
Location: Capital Of Canada

Post by CDN_Merlin »

I have them also. I'm sure if you read the properties of that folder in TOOLS/FOLDER OPTIONS/VIEW you will of missed something that will show them.

I can see them in Explorer.
User avatar
Tyranny
DBB Defender
DBB Defender
Posts: 3399
Joined: Sun Nov 10, 2002 3:01 am
Location: Phoenix, Arizona

Post by Tyranny »

Found it, it was the "Hide protected Operating system files" option in Tools/Folder Options/View that needed to be unchecked and then I could see them in Explorer.

Norton didn't turn up anything so shouldn't be any problems. thx
Post Reply