Re: system user

"have the LOCAL SYSTEM process impersonate that user ",this is my need.But
I don't know how to do ,can y tell me?
"Ray Trent" <ratrent@xxxxxxxxxxxxx>
??????:#kWFsuQQFHA.3704@xxxxxxxxxxxxxxxxxxxxxxx
> The SYSTEM account has unlimited privileges (typically) on the local
> machine, but it has no credentials at all on some other host out there
> in the world, as far as I know. Hence it is usually referred to as the
> LOCAL SYSTEM account (though now that I look I don't see anything like
> that in the user namespace... instead it seems to be SYSTEM).
>
> Theoretically you might be able to grant access to "<hostname>\\SYSTEM"
> on the files that you want to access on the network, but a better
> solution (especially in a domain) would be to have an actual user
> account, very much preferably that of the user that is actually logged
> in, and grant that account access. Then have the LOCAL SYSTEM process
> impersonate that user when trying to access the file.
>
> I'm guessing that the reasoning for not letting SYSTEM have access to
> remote files is a security one. Since the SYSTEM account is the same no
> matter what user is logged on (or what process is trying to gain
> access), there's no way to track accesses to the file.
>
> >I want to use zwCreateFile to open a network file in the system
> process.but
> >It 's always failed.I think it's caused by the privileges of system
user.
> "Ray Trent" <ratrent@xxxxxxxxxxxxx>
> ??????:#xcTwNFQFHA.3076@xxxxxxxxxxxxxxxxxxxxxxx
> > Yes, that's typically the LOCAL SYSTEM account. And no, you can't modify
> > it's privileges significantly without screwing up the whole OS.
> >
> > Once again, though: What are you *really* trying to accomplish by this?
> > There is no reason I can think of to want to do what you're asking...
> >
> > zengfeng wrote:
> > > When y open the task manager,y will see some thread which create by
> system
> > > user. I think It's created by OS.
> > > "Pavel A." <pavel_a@xxxxxxxxxxxxxxx> дÈëÏûÏ¢ÐÂÎÅ
> > > :275F6E9B-FC45-4F3F-9BE5-745AC245C6DE@xxxxxxxxxxxxxxxx
> > >
> > >>"zengfeng" wrote:
> > >>
> > >>>Does the privilege of system user can be modified?If can ,How to do
it
> ?
> > >>>
> > >>
> > >>What is "system user" - Local System?
> > >>
> > >>--
> > >>
> > >
> > >
> > >
> >
> > --
> > ../ray\..
>


.

Relevant Pages

  • Re: system user
    ... "have the LOCAL SYSTEM process impersonate that user ",this is my need.But ... LOCAL SYSTEM account (though now that I look I don't see anything like ...
    (microsoft.public.development.device.drivers)
  • Re: Additional Info
    ... Somehow I doubt that - the local system account has the highest ... privileges there are in a system (higher then administrator). ... you have SQL server or MSDE installed on the machine where you had the ...
    (microsoft.public.dotnet.languages.vb)
  • Re: program runs only when a user is logged in setting
    ... local system account password wasn't in sync with the AD. ... prompt running under the local system context. ... > account is not a part ofd the admin group the install will fail. ...
    (microsoft.public.sms.swdist)
  • Re: system user
    ... > Look for "Client impersonation" in the SDK documentation. ... >>>LOCAL SYSTEM account (though now that I look I don't see anything like ... Then have the LOCAL SYSTEM process ...
    (microsoft.public.development.device.drivers)
  • Exchange Services Fail to Start Using LocalSystem Account...
    ... In the past few days I applied a custom Group Policy template to my domain ... Attendant and MTA stacks fail to start when logging on using the Local System ... I've also made sure to add the System account to the local drives. ... sure what else to do and my server has been inoperable for several days. ...
    (microsoft.public.exchange.admin)