What is the SYSTEM?

Created on 2003-02-25 by Rainer Gerhards.

Account used by the operating system to run services, utilities, and device drivers.

This account has unlimited power and access to resources that even Administrators are denied, such as the Registry’s SAM.

The local SYSTEM account is unable to access any Windows networking fuctions. This is by design (It would have large security implications if it could...). It can initiate IP-based commincation, but Windows-based communication is not an option. A typical example for Windows-based communication would be accessing files via Windows networking.

If you need such functionality for your service, you must select a different account. In such case, make sure that the selected account does have all required user rights - it needs at least "log on as a service". For Windows 2000, run gpedit.msc and try looking under computer configuration, windows settings, security settings, local policies, user rights assignments, log on as a service.

This information was verified with Windows 2000.

Would you like to discuss this object? Have a look at our Windows event forum or post a question there!

Analysis, monitoring, near-real-time alerting of the Windows event log can be done with by MonitorWare Agent.

All information in this section is to the best of our knowledge but without warrenty of any kind. This is free information - use it at your sole risk.

[Back to the Security Reference]


Back to Non-Printer Version