The LocalSystem Account
The LocalSystem account is a predefined local account used by system processes. The name of the account is .\System. This account does not have a password. If you specify the LocalSystem account in a call to the CreateService function, any password information you supply is ignored.
A service that runs in the context of the LocalSystem account inherits the security context of the SCM. It is not associated with any logged-on user account and does not have credentials (domain name, user name, and password) to be used for verification. This has several implications:
- The service cannot open the registry key HKEY_CURRENT_USER.
- The service can open the registry key HKEY_LOCAL_MACHINE\SECURITY.
- The service has limited access to network resources, such as shares and pipes, because it has no credentials and must connect using a null session. The following registry key contains the NullSessionPipes and NullSessionShares values, which are used to specify the pipes and shares to which null sessions may connect:

  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters

  Alternatively, you could add the REG_DWORD value RestrictNullSessAccess to the key and set it to 0 to allow all null sessions to access all pipes and shares created on that machine.
- The service cannot share objects (pipes, file mapping, synchronization, and so on) with other applications, unless it creates them using either a DACL which allows a user or group of users access to the object or a NULL DACL, which allows everyone access to the object. Note that specifying a NULL DACL is not the same as specifying NULL. If you specify NULL in the lpSecurityDescriptor member of the SECURITY_ATTRIBUTES structure, access to the object is granted only to processes with the same security context as the process that created the object. For information on specifying a NULL DACL in the security descriptor field, see Allowing Access Using the Low-Level Functions.
- If the service opens a command window and runs a batch file, the user could hit CTRL+C to terminate the batch file and gain access to a command window with LocalSystem permissions.
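The null-session settings named in the list above can be reviewed on a host with a read-only check such as the following. This is an added example, not part of the original documentation: the function name Get-NullSessionExposure is hypothetical, and treating a missing RestrictNullSessAccess value as 1 (restricted) is an assumption.

```powershell
# Added example: read-only audit of the null-session values described above.
# Get-NullSessionExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-NullSessionExposure {
    param(
        [string]$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    )

    $props = (Get-ItemProperty -Path $KeyPath -ErrorAction Stop).PSObject.Properties

    # Return a named value's data, or nothing when the value does not exist.
    $read = { param($name) if ($props[$name]) { $props[$name].Value } }

    # NullSessionPipes / NullSessionShares are multi-string lists; drop empty entries.
    $pipes  = @(& $read 'NullSessionPipes'  | Where-Object { $_ })
    $shares = @(& $read 'NullSessionShares' | Where-Object { $_ })

    # Assumption: a missing RestrictNullSessAccess behaves as 1 (restricted).
    $raw = & $read 'RestrictNullSessAccess'
    $restrict = if ($null -ne $raw) { [int]$raw } else { 1 }

    $findings = @()
    if ($restrict -eq 0) {
        $findings += 'RestrictNullSessAccess is 0: null sessions can reach all pipes and shares.'
    }
    if ($pipes.Count)  { $findings += "Pipes open to null sessions: $($pipes -join ', ')" }
    if ($shares.Count) { $findings += "Shares open to null sessions: $($shares -join ', ')" }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        RestrictNullSessAccess = $restrict
        ValuePresent           = ($null -ne $raw)
        NullSessionPipes       = $pipes
        NullSessionShares      = $shares
        Findings               = $findings
    }
}

Get-NullSessionExposure | Format-List
```

An empty Findings list means the key lists no pipes or shares for null sessions and RestrictNullSessAccess is not set to 0.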