Re: Local System account and network resource access

Sorry you must read my post wrongly when you place your last response, which
is not helpful at all. If we want to continue running a scheduled task under
a domain account, there wasn't any issues, no issues at all.

I want to ask if a scheduled task is running under the local system account
(NT AUTHORITY/SYSTEM), can it access network resource ? (such as
reading/writing a file in another computer). I know your previous answer was
negative. Do you know where is the MS reference article I can refer to, to
confirm this?

Initially I thought the access should present no problems. This is because
when we define the share permission of a folder, it is possible to select a
'computer' grant permission to that computer. This is entered with
"domainName\computerName$", after checking "computer" in object type. But I
find my test fails (it gives out 'access denied').


"Pegasus (MVP)" wrote:

If a domain account has access to a shared resource then
this domain account can be used either for console sessions
or for scheduled tasks. Test the account in the foreground
first, then use it under the Task Scheduler.

Note that accounts used by the Task Scheduler ***must***
have a non-blank password.


"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5560A8D3-83FD-4ECD-8508-DC2C5228B4CF@xxxxxxxxxxxxxxxx
No, we don't have any problem to do what we try to do via a scheduled task
if
it is run under a normal user acccount.

Then someone suggests we should be able to do the same without a (Domain)
user account and he said he had seen some tasks running that access shared
resources without problem. I tried very hard for many hours but still
receiving the "access denied" message. That is why I ask here.

If there no ways we can specify a share that allows the scheduled task to
access network resource, our discussion (within IT team in our Company) is
over.

"Pegasus (MVP)" wrote:

As I said, the System account has no access to shared resources.
If it had access then this would open a nice can of works, e.g.
issues with passwords and issues with accessing shares on
other computers for which you have no access privileges.

If you explain what you're actually trying to do then someone
may offer a solution that does not involve the System account.


"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BAA7BC71-B14E-46BD-B419-20756439A43E@xxxxxxxxxxxxxxxx
<quote> The local System account cannot access any networked resources.
This is by design. </quote>

Is there are exceptions? When we define a share in machine1, I thought
we
can if delete all users in the permission list but add a machine name
(domanName\machine2$) in the permission list, that would mean I allow
this
share to be accessable by ANY users ( including a local system user )
as
long
as the user sits on machine2.




"Pegasus (MVP)" wrote:


"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F79F2FCE-8AB4-4AEC-BC41-0E534BDAE37B@xxxxxxxxxxxxxxxx
Does anyone know whether the system account NT AUTHORITY/SYSTEM is
able
to
access network resource like ordinary authenticated user?

According to my research it appears it should be able. I have tried
it
but
it always give me an "Access denied" error message. I simply try to
do
a
"dir
\\xxx.xx.xx.xx\shareName" command.

Everything works for me with what was described in the following
link
(except I can't access network resource).
http://security.fnal.gov/cookbook/LocalSystem.html


No. The local System account cannot access any networked resources.
This is by design.









.

Relevant Pages

  • Re: task scheduler inconsistencies
    ... > I have a scheduled task set up to start each morning (using Windows ... > right click over the task in the task scheduler window and select Run, ... Running a scheduled task under your own account is ...
    (microsoft.public.win2000.general)
  • Re: Unable to remove remembered drives
    ... Who are you running the scheduled task as? ... Does the account have rights to the network resource? ...
    (microsoft.public.scripting.vbscript)
  • Re: Scheduled Tasks and passwords
    ... Windows are *not* single-user operating systems. ... under that account specified within the job. ... Task Scheduler wizard for that). ... If the SYSTEM account then the installer ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: Scheduled Tasks problem
    ... I didnt mean the actual built in Admin account. ... Its a User Account created with Administrator rights. ... >> scheduler would not do anything at the specified time. ...
    (microsoft.public.windowsxp.general)
  • Re: Schedule a task as a Limited user
    ... I added a password to my Limited account and, sure enough, everything worked ... Additionally when the Task Scheduler service runs a job by using a specific ... is also the account of the current logged-on user. ... | If I log on with Limited rights, I can create a Scheduled Task (giving the ...
    (microsoft.public.windowsxp.newusers)
Loading