Windows/Cyber Security: types of system service accounts

Created: 8/26/20

Updated: 8/26/20

Below are three service account types and each have there pros and cons. These are used typically on all servers and desktops.

:Local System:

Completely trusted account with rights to access the network as the machine
no password or profile
Extensive local computer privileges
Presents the computer’s credentials to remote servers

:Network Service:

Limited service account meant to run standard privileged services
Far more limited than local system, has rights to access the network
No password, uses Network Service profile
Minimal local computer privileges
Presents the computer credentials to remote servers

:Local Service:

Limited service account, operates like Network service; but run with JEA
No password, local services profile
Just enough administration, i.e least privilege
Anonymous credentials present to remote servers
Preferred method for services