Network/Local Services Accounts?
Posted: Tue Apr 06, 2004 2:22 pm
I noticed two new folders in my Documents and Settings dir while looking in Ad-Aware that aren't visible in Windows even though "show hidden files and folders" is ON.
One is called LocalService and the other NetworkService. Doing a search I come up with..
Personally, I thought that the online scan was BS, but it does have me a little concerned. I can't log into these accounts at all even though there are no passwords specified for them. My question is, what can I do to make them visible to Norton so I can scan them and make sure they're clean of virii? and are they really necessary to have in the Documents and Settings folder as I don't recall them ever being there before?
One is called LocalService and the other NetworkService. Doing a search I come up with..
and...LocalService Account
The LocalService account is a predefined local account. It has minimum privileges on the local computer and presents anonymous credentials on the network. The name of the account in all locales is NT AUTHORITY\LocalService. This account does not have a password. If you specify the LocalService account in a call to the CreateService function, any password information you supply is ignored.
The user SID is created from the SECURITY_LOCAL_SERVICE_RID value.
The LocalService account has its own subkey under the HKEY_USERS registry key. Therefore, the HKEY_CURRENT_USER registry key is associated with the LocalService account.
The LocalService account has the following privileges:
* SE_AUDIT_NAME
* SE_CHANGE_NOTIFY_NAME
* SE_UNDOCK_NAME
* Any privileges assigned to users and authenticated users
Windows 2000 and Windows NT: This account is not supported.
I don't remember ever seeing either one of these while doing a spyware scan before. On top of that I had some online scan on a website report that spyware or virii were detected in one of them, but Ad-aware comes up with nothing when scanning them and Norton AV doesn't even see the directories to be able to scan them.The NetworkService account is a predefined local account. It has minimum privileges on the local computer and acts as the computer on the network. The name of the account in all locales is NT AUTHORITY\NetworkService. This account does not have a password. If you specify the NetworkService account in a call to the CreateService function, any password information you supply is ignored.
A service that runs in the context of the NetworkService account presents the computer's credentials to remote servers. By default, the remote token contains SIDs for the Everyone and Authenticated Users groups. The user SID is created from the SECURITY_NETWORK_SERVICE_RID value.
The NetworkService account has its own subkey under the HKEY_USERS registry key. Therefore, the HKEY_CURRENT_USER registry key is associated with the NetworkService account.
The NetworkService account has the following privileges:
* SE_AUDIT_NAME
* SE_CHANGE_NOTIFY_NAME
* SE_UNDOCK_NAME
* Any privileges assigned to users and authenticated users
Windows 2000 and Windows NT: This account is not supported.
Personally, I thought that the online scan was BS, but it does have me a little concerned. I can't log into these accounts at all even though there are no passwords specified for them. My question is, what can I do to make them visible to Norton so I can scan them and make sure they're clean of virii? and are they really necessary to have in the Documents and Settings folder as I don't recall them ever being there before?