Click here to get back home

Is local system account member of local Administrators group?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
Is local system account member of local Administrators group? Peter Rus 06-21-2005
Posted by Peter Rus on June 21, 2005, 11:33 am
Please log in for more thread options
 Colleagues,

Is local system account member of local Administrators group?

Thank you very much and best regards,

Peter




Posted by Roger Abell on June 21, 2005, 6:47 am
Please log in for more thread options
 I have seen MS docs stating the System is a "hidden member"
of Administrators.

--
Roger Abell
Microsoft MVP (Windows Security)

> Colleagues,
>
> Is local system account member of local Administrators group?
>
> Thank you very much and best regards,
>
> Peter
>
>




Posted by Peter Rus on June 22, 2005, 3:22 pm
Please log in for more thread options
Hello Roger,

I try to explain why I am asking ...

Imagine security template with permissions set for file system.
Imagine hypotetical action, that permissions for %systemroot%\system32
directory are set for Administrators (Full), and Users (Read), but there is
no entry for local SYSTEM account.
Will this create problems?
Well, this is only hypotetical question, I am simply curious.

Thank you and best regards,

Peter


> I have seen MS docs stating the System is a "hidden member"
> of Administrators.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> > Colleagues,
> >
> > Is local system account member of local Administrators group?
> >
> > Thank you very much and best regards,
> >
> > Peter
> >
> >
>
>




Posted by Roger Abell on June 22, 2005, 6:59 am
Please log in for more thread options
I have not noticed problems. I believe one often sees independent and
explicit grant to System in order to guarantee things keep working if
the grant to Administrators is removed.

--
Roger Abell
Microsoft MVP (Windows Security)

> Hello Roger,
>
> I try to explain why I am asking ...
>
> Imagine security template with permissions set for file system.
> Imagine hypotetical action, that permissions for %systemroot%\system32
> directory are set for Administrators (Full), and Users (Read), but there
is
> no entry for local SYSTEM account.
> Will this create problems?
> Well, this is only hypotetical question, I am simply curious.
>
> Thank you and best regards,
>
> Peter
>
>
> > I have seen MS docs stating the System is a "hidden member"
> > of Administrators.
> >
> > --
> > Roger Abell
> > Microsoft MVP (Windows Security)
> >
> > > Colleagues,
> > >
> > > Is local system account member of local Administrators group?
> > >
> > > Thank you very much and best regards,
> > >
> > > Peter
> > >
> > >
> >
> >
>
>




Posted by S. Pidgorny on June 22, 2005, 7:28 pm
Please log in for more thread options
I hope that is incorrect simplification: administrators by default don't
have a privilege to act as a part of the system (which is required to switch
security context - - although admins can grant the right themselves) and
existence of hidden accounts would be a matter of concern.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

> I have seen MS docs stating the System is a "hidden member"
> of Administrators.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
>
> > Colleagues,
> >
> > Is local system account member of local Administrators group?
> >
> > Thank you very much and best regards,
> >
> > Peter
> >
> >
>
>




Similar ThreadsPosted
add user to local administrators group May 24, 2006, 4:00 am
Re-Enabling Local Administrators Account July 3, 2008, 2:37 am
Automatic certificate enrollment for local system failed after upgrading member server to domain controller August 25, 2005, 6:11 pm
OpenRowset : DSN : file-system permissions : Local System March 14, 2008, 10:23 am
Local Administrators September 1, 2006, 9:55 am
How to list member of local admin February 6, 2008, 1:23 pm
Allow user to install local printer without print operators member August 10, 2006, 11:44 am
local group / global group permissions problem August 18, 2005, 12:42 pm
Automatic certificate enrollment for local system failed August 3, 2006, 10:22 am
"the local policy of this system does not permit you to logon interactively" April 11, 2007, 5:15 pm

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap