Re: Groups called SELF and SYSTEM

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: "Paul Williams [MVP]" <ptw2001@xxxxxxxxxxx>
Date: Thu, 17 Nov 2005 07:41:38 -0000

Those are well known security principals - not groups. SYSTEM is the
security context of the local system and has full administrative rights and
permissions on the local system - this has the most rights. When services
run as Local System, they are running under this security context.

SELF is a principal used to grant the user in question permissions to
itself. For example, SELF might have a number of permissions to properties
on a user object that Authenticated Users do not. This is so that each user
can update their own properties for example. SELF might have a bunch of
permissions to a mailbox. This stops each object from having explicit ACEs
for the object itself.

As an example, Authenticated Users is also a well known security principal.
When you authenticate, this principal's SID is added to your access token.

--
Paul Williams
Microsoft MVP - Windows Server - Directory Services
http://www.msresource.net | http://forums.msresource.net

.

Prev by Date: Re: How to get rid of the "lock" sysmbol in domain policy
Next by Date: Re: Moving AD from public Domain to a .Local
Previous by thread: Re: How to get rid of the "lock" sysmbol in domain policy
Next by thread: Re: Moving AD from public Domain to a .Local
Index(es):
- Date
- Thread

Relevant Pages

Re: Event ID 10010 DCOM error on SBS 2008
... One of the steps, outlined below, mentions "Local System" permissions ... Local Lunch and Local Activation permissions. ... check your install for Local System in those permission lists? ...
(microsoft.public.windows.server.sbs)
Re: Event ID 10010 DCOM error on SBS 2008
... I don't have an SBS 08 nearby to compare permissions. ... I don't think you're likely to have any issues with adding Local System, especially if you've seen that documented. ... Local Lunch and Local Activation permissions. ... of you check your install for Local System in those permission lists? ...
(microsoft.public.windows.server.sbs)
Re: Event ID 10010 DCOM error on SBS 2008
... One of the steps, outlined below, mentions "Local System" permissions ... Local Lunch and Local Activation permissions. ... of you check your install for Local System in those permission lists? ...
(microsoft.public.windows.server.sbs)
Re: SQL Server Service User Account
... "Local System" is actually worse than a custom local administrative account because it has even more permissions initially (of course, any administrator can grant themselves the same permissions because, well, they're *administrators*). ... For example, it no longer matters if you've set up your SQL Server to use Windows authentication or encryption, because the compromised service can be used to read the data files or system memory directly. ...
(microsoft.public.sqlserver.server)
Re: IIS 6.0 CGI pipe broken...
... We have the CGI app pool set to Local System. ... permissions than Local System. ... We also have set the windows and system32 folders read and execute ... No but it displays an error that means that it can't access its ini file. ...
(microsoft.public.inetserver.iis.security)