SharePoint Tip of the Day – Who is the LocalSystem account used to run the Administration Service (SPAdminV4) ?


Localsystemaccount

Even on least privileges installation of your farm, the SPAdminV4 services will run under the Local System account (be sure to read this reference table : http://nikspatel.wordpress.com/2010/12/24/sharepoint-2010-service-account-references-for-least-privileged-installation/ and this – for SP 2007 but still as valid for 2010 / 2013 : http://technet.microsoft.com/en-us/library/cc288210%28v=office.12%29.aspx) but ‘who’ is this built-in account ?

The LocalSystem account has extensive privileges on the local computer, and acts as the computer on the network. Its token includes the NT AUTHORITYSYSTEM and BUILTINAdministrators SIDs; these accounts have access to most system objects. The name of the account in all locales is .LocalSystem. The name, LocalSystem or ComputerNameLocalSystem can also be used. This account does not have a password.

One advantage of running under the LocalSystem account is that the service has complete unrestricted access to local resources. This is also the disadvantage of LocalSystem because a LocalSystem service can do things that would bring down the entire system

(http://msdn.microsoft.com/en-us/library/windows/desktop/ms684190%28v=vs.85%29.aspx & http://msdn.microsoft.com/en-us/library/windows/desktop/ms677973%28v=vs.85%29.aspx)

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s