Re: Local System account and network resource access



You might want to reflect about what you can expect in a
newsgroup from a total stranger who is willing to give some
of his time to help you. IMHO it is unreasonable to expect
a respondent to do your homework for you. Instead of your
sarcastic reply I would have expected something like "Thank
you for your help - I will now do my own research".

If you're serious about this question and if you're prepared
to pay for an answer then there is always "Google paid questions":
https://answers.google.com/answers/main?cmd=myquestions



"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:30266E50-6D85-4072-AD59-10261EF57347@xxxxxxxxxxxxxxxx
A plain answer like this is inspiring.

"Pegasus (MVP)" wrote:

See below.

"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:EEE13377-E598-427D-841F-26E1F432F788@xxxxxxxxxxxxxxxx
Sorry, you must have read my post wrongly when you placed your last
response, which is not helpful at all. If we want to continue running a
scheduled task under a domain account, there weren't any issues, no
issues at all.

*** Great.

I want to ask if a scheduled task is running under the local system
account (NT AUTHORITY/SYSTEM), can it access network resources? (such as
reading/writing a file on another computer). I know your previous answer
was negative. Do you know where the MS reference article is that I can
refer to, to confirm this?

*** No, I don't. I suggest you do some googling.

Initially I thought the access should present no problems. This is
because when we define the share permission of a folder, it is possible
to select a 'computer' and grant permission to that computer. This is
entered with "domainName\computerName$", after checking "computer" in
object type. But I find my test fails (it gives out 'access denied').

*** I'm not surprised. I can see these options for you:
a) Accept what experienced server/network administrators tell
you and use a domain account.
b) Spend the time and energy to get to the bottom of this issue
by drilling down into the MS Knowledge Base. This could be
a time-consuming exercise but it will give you a deep sense of
satisfaction when you find the authoritative answer you're
looking for. I bet that you will be directed back to Option a).

"Pegasus (MVP)" wrote:

If a domain account has access to a shared resource then
this domain account can be used either for console sessions
or for scheduled tasks. Test the account in the foreground
first, then use it under the Task Scheduler.

Note that accounts used by the Task Scheduler ***must***
have a non-blank password.


"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:5560A8D3-83FD-4ECD-8508-DC2C5228B4CF@xxxxxxxxxxxxxxxx
No, we don't have any problem doing what we try to do via a scheduled
task if it is run under a normal user account.

Then someone suggests we should be able to do the same without a
(Domain) user account and he said he had seen some tasks running that
access shared resources without problem. I tried very hard for many
hours but am still receiving the "access denied" message. That is why I
ask here.

If there are no ways we can specify a share that allows the scheduled
task to access network resources, our discussion (within the IT team in
our Company) is over.

"Pegasus (MVP)" wrote:

As I said, the System account has no access to shared resources.
If it had access then this would open a nice can of worms, e.g.
issues with passwords and issues with accessing shares on
other computers for which you have no access privileges.

If you explain what you're actually trying to do then someone
may offer a solution that does not involve the System account.


"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BAA7BC71-B14E-46BD-B419-20756439A43E@xxxxxxxxxxxxxxxx
<quote> The local System account cannot access any networked resources.
This is by design. </quote>

Are there exceptions? When we define a share in machine1, I thought that
if we delete all users in the permission list but add a machine name
(domainName\machine2$) in the permission list, that would mean I allow
this share to be accessible by ANY users (including a local system user)
as long as the user sits on machine2.




"Pegasus (MVP)" wrote:


"ykffc" <ykffc@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F79F2FCE-8AB4-4AEC-BC41-0E534BDAE37B@xxxxxxxxxxxxxxxx
Does anyone know whether the system account NT AUTHORITY/SYSTEM is able
to access network resources like an ordinary authenticated user?

According to my research it appears it should be able. I have tried it
but it always gives me an "Access denied" error message. I simply try to
do a "dir \\xxx.xx.xx.xx\shareName" command.

Everything works for me with what was described in the following link
(except I can't access network resources).
http://security.fnal.gov/cookbook/LocalSystem.html


No. The local System account cannot access any networked resources.
This is by design.













