18.0.3 Win32 Service User Accounts

Each Win32 service runs in the context of a user account. When it starts a service, the Service Control Manager logs that account on, which creates a logon session and a primary access token, and then creates the service process in that security context. Everything the service can reach is therefore bounded by the privileges and group memberships of the account it was configured with.

A service that runs in a process by itself can be installed to run under an account from the built-in (local) account database, the primary domain, or a trusted domain. If several services share one process, they must all be set up to run under the LocalSystem account. The mechanical reason is that a process has exactly one primary token, so every service in it necessarily runs in the same security context; the rule fixes that shared context to the one account an administrator never has to manage. LocalSystem is a built-in account with no password to maintain, whereas a domain account can become invalid because its password expires or because the account is deleted by mistake, and tying each managed account to a single service means the administrator updates only that one service's account information when the need arises. Two caveats for the practitioner: LocalSystem is also the most privileged account on the machine, so compromise of any service in a shared LocalSystem process gives full control of the host; and later versions of Windows relax the rule to "all services in one process use the same account", which may also be one of the less privileged built-in service accounts, LocalService or NetworkService.

The user name and password of the account are specified when the service is installed. The Service Control Manager stores the user name in the registry, as the ObjectName value under the service's key in HKLM\SYSTEM\CurrentControlSet\Services, and the password as an LSA secret (named _SC_<ServiceName>), which is not readable through the registry API by ordinary users and must be supplied again whenever the account is changed. "Secure" here means protected from non-privileged users only: a local administrator, or anyone holding a copy of the SECURITY hive together with the system boot key, can recover every service account password stored on the machine. A service account's password is therefore only as well protected as the least secure host it is configured on, which is the strongest argument for giving service accounts no more rights than the service needs and for not reusing one account across machines of different trust levels.
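The following is an added PowerShell example, not code from the original text. It installs a service under a named account, shows where the Service Control Manager keeps the user name (and that the password is not in the registry), and then checks the one-process-one-token invariant behind the shared-process rule above. The service name InvSvc, the binary path and the account CORP\svc-inv are assumptions; the audit checks the underlying invariant (all services in a process use the same account) rather than the stricter LocalSystem-only rule, because current Windows also allows shared processes under LocalService or NetworkService.

```powershell
# Added example; names are assumptions: service 'InvSvc', binary C:\Svc\inv.exe,
# account CORP\svc-inv. Run in an elevated PowerShell on the target host.
$svcName = 'InvSvc'
$cred = Get-Credential -UserName 'CORP\svc-inv' -Message 'Service account password'

# Install the service under the chosen account. The SCM records the user name in
# the service's registry key; the password becomes an LSA secret, not a registry value.
New-Service -Name $svcName -BinaryPathName 'C:\Svc\inv.exe' `
    -StartupType Automatic -Credential $cred | Out-Null

# Unlike the Services snap-in, New-Service and sc.exe do not grant the account the
# "Log on as a service" right (SeServiceLogonRight). Without it the first start fails
# with error 1069 (logon failure); grant the right separately via security policy.

# Where the user name lives: the ObjectName value under the service key.
$key   = "HKLM:\SYSTEM\CurrentControlSet\Services\$svcName"
$props = Get-ItemProperty -Path $key
"Account recorded in registry: $($props.ObjectName)"
if ($props.PSObject.Properties.Name -notcontains 'Password') {
    'No password value in the service key: it is held as an LSA secret.'
}

# Audit: a process has one primary token, so every service sharing a process must
# run under the same account. Group shared-process services by the command line that
# launches them and report any group configured with more than one account.
$services = Get-CimInstance Win32_Service
$shared   = $services | Where-Object { $_.ServiceType -like '*Share Process*' }
$report = $shared | Group-Object PathName | ForEach-Object {
    $accounts = @($_.Group.StartName | Sort-Object -Unique)
    [pscustomobject]@{
        Process    = $_.Name
        Services   = ($_.Group.Name -join ', ')
        Accounts   = ($accounts -join ', ')
        Consistent = ($accounts.Count -eq 1)
    }
}
$report | Where-Object { -not $_.Consistent }   # empty output means the invariant holds
```

Run the audit part on its own against any host to see how the built-in service groups (svchost -k ...) are partitioned by account; a non-empty result indicates a service registered into a process whose other members log on as a different account, which will fail at start time.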

The Service Control Manager is described here as periodically changing the passwords of service user accounts so that they have not expired by the time the services need to be started. Because the passwords are updated automatically, an account assigned to a service process cannot also be used by another service process or by a person who logs on to the same domain: the other user would never know the current password, and a manual change by that user would lock the service out. Note that shipping Windows does not rotate the password of an ordinary user account assigned to a service; such a password expires like any other unless the account is marked "password never expires", which is why services failing to start after a password-policy change is a common operational problem. Automatic rotation with exactly the sharing restriction described above is what Managed Service Accounts and group Managed Service Accounts provide: the domain generates and rotates the password, only the authorized computers can retrieve it, and the account cannot be used for interactive logon.

If the service needs to run in a distributed manner across the network, the same service running on different workstations should be given an individual user account per workstation, with all of those accounts placed in one group. Access to shared resources is then granted to the group rather than to each account, and the expiry or compromise of one workstation's account affects only that host.
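The following is an added PowerShell example, not code from the original text, serving the two preceding paragraphs: part (a) provisions the per-workstation accounts in one group as just described, and part (b) shows the automatic password rotation attributed above to the Service Control Manager as it is actually provided today, by a group Managed Service Account. The domain CORP, the group names, the hosts WS01 and WS02, the service InvSvc and the gMSA name svc-inv are all assumptions, and the example requires the ActiveDirectory PowerShell module from RSAT.

```powershell
# Added example; domain, group, host, service and gMSA names are assumptions.
# Run on a domain-joined administrative host with the ActiveDirectory module.
Import-Module ActiveDirectory

$hosts     = 'WS01', 'WS02'
$acctGroup = 'Inventory-Service-Accounts'    # per-host user accounts (part a)
$hostGroup = 'Inventory-Service-Computers'   # computer accounts allowed to fetch the gMSA password (part b)

function New-RandomPassword {
    # 32 bytes from the CSPRNG, base64-encoded, returned as a SecureString.
    $bytes = New-Object byte[] 32
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
}

# (a) The arrangement in the text: one account per workstation, all members of one
#     group. Grant rights on shared resources to the group, never to the accounts.
New-ADGroup -Name $acctGroup -GroupScope Global -GroupCategory Security
foreach ($h in $hosts) {
    $sam = "svc-inv-$h"
    New-ADUser -Name $sam -SamAccountName $sam -AccountPassword (New-RandomPassword) `
        -Enabled $true -PasswordNeverExpires $true   # nothing rotates this password
    Add-ADGroupMember -Identity $acctGroup -Members $sam
}
# Nothing in the SCM rotates these; PasswordLastSet shows how stale each one is.
Get-ADGroupMember $acctGroup | Get-ADUser -Properties PasswordLastSet, PasswordNeverExpires |
    Select-Object SamAccountName, PasswordLastSet, PasswordNeverExpires

# (b) Automatic rotation via a group Managed Service Account: the domain generates
#     the password, the listed computers retrieve it, the SCM logs the service on.
#     One-time prerequisite per forest: Add-KdsRootKey -EffectiveImmediately
New-ADGroup -Name $hostGroup -GroupScope Global -GroupCategory Security
Add-ADGroupMember -Identity $hostGroup -Members ($hosts | ForEach-Object { Get-ADComputer $_ })
New-ADServiceAccount -Name 'svc-inv' -DNSHostName 'svc-inv.corp.example' `
    -PrincipalsAllowedToRetrieveManagedPassword $hostGroup
Get-ADServiceAccount svc-inv -Properties msDS-ManagedPasswordInterval |
    Select-Object Name, msDS-ManagedPasswordInterval   # rotation interval in days (default 30)

# On each host, after a reboot so the computer's new group membership is in its token:
Install-ADServiceAccount -Identity 'svc-inv'
if (-not (Test-ADServiceAccount -Identity 'svc-inv')) {
    throw 'this host cannot retrieve the gMSA password; check group membership and KDS key'
}
# Point the service at the gMSA. No password is supplied: the host fetches it from AD.
# The gMSA still needs the "Log on as a service" right on this host.
$svc = Get-CimInstance Win32_Service -Filter "Name='InvSvc'"
$r = Invoke-CimMethod -InputObject $svc -MethodName Change `
    -Arguments @{ StartName = 'CORP\svc-inv$'; StartPassword = '' }
if ($r.ReturnValue -ne 0) { throw "Win32_Service.Change failed with code $($r.ReturnValue)" }
```

Part (a) keeps the text's property that one account's loss affects one host, at the cost of passwords that never change; part (b) keeps the text's rotation property and its sharing restriction (a gMSA cannot log on interactively), at the cost of one identity shared by every host in the group. Which trade-off is right depends on whether the hosts are of equal trust.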