LocalService
The best way to describe and set apart the LocalService account is to say that it is a pre-defined local account, used by the service control manager. One NOT recognized by the security subsystem, with minimum privileges on the local computer, presenting anonymous credentials on the network.
Also referred to or named the NT AUTHORITY\LOCALSERVICE, having NO password.
The user SID is created from the SECURITY_LOCAL_SERVICE_RID value
Sports its own subkey under the HKEY_USERS registry key (associated with the LocalService account)
The LocalService account has the following rights, access and privileges:
SE_ASSIGNPRIMARYTOKEN_NAME (disabled)
SE_AUDIT_NAME (disabled)
SE_CHANGE_NOTIFY_NAME (enabled)
SE_CREATE_GLOBAL_NAME (enabled)
SE_IMPERSONATE_NAME (enabled)
SE_INCREASE_QUOTA_NAME (disabled)
SE_SHUTDOWN_NAME (disabled)
SE_UNDOCK_NAME (disabled)
Any privileges assigned to users and authenticated users
So to summarize, it is a non-privileged user on a local computer, presenting anonymous credentials to remote servers. Used best to minimize security risks. It is a service user account that runs with very limited privileges (see also LocalSystem for ‘opposite’).
Key Exam Points
- Location, Access, Creation, Use LocalService, C# and VB, .NET Frameworks environments and programming
- For the exam, study practical and hands-on, illustrative, real-life, step-by-step examples for LocalService applications and usages, that help you to gain a better understanding and mastery of this topic and its related matters, implications and risks.
- Take the practice test, answer Q & A sample questions, studying the answers in detail.
Related Terms
This article is based on the 2nd edition of the Microsoft .Net Framework Application Training Kit with the purpose to help 70-536 Exam takers to succeed. I constantly look for ways to improve the content. Please leave a comment about this article or drop me a message if you would like to see changes for this site.
