If you're willing to play a little fast and loose with the definitions, NT_AUTHORITY essentially refers to the Windows operating system itself. Or perhaps as "things the OS authorizes on your behalf." (At first, NT meant New Technology, a version of the OS generally meant for businesses. It contrasted with the less strict, less secure Windows 9.x kernels used in Windows 98, 98, and earlier versions. Starting with Windows 2000, the various versions were combined on a version based on Windows NT 4. Those eventually grew into Windows Vista, 7, 8.x, and the soon to be released 10.) The "NT" token is basically a legacy token left from earlier times. You can think of it as a surrogate for Windows itself.

More officially, it's the parent for a set of service users that handle background tasks and maintenance operations. The tokens on the right side of the slash refer to individual internal service "users" of the OS. For example, NT AUTHORITY\SYSTEM handles system services, NT AUTHORITY\LOCAL SERVICE does local services, NT AUTHORITY\NETWORK SERVICE is network services, and so on. More background can be found in this thread and on various locations of MSDN. A creative use of your preferred search engine can help you find even more.

NT_SERVICE is essentially the same thing, run on behalf of a service, which is (essentially) a utility that runs in the background. (The BITS service, for example, downloads updates in the background.) There are an awful lot of services that run and the token NT_SERVICE is used as a way to distinguish them from other things. Here is an article that goes into a bit more technical detail. (I wouldn't turn off any services unless you know precisely what it's for, though.)

In Windows ACLs (access-control lists), permissions are applied to trustees - users, groups, or other security principals. The trustees are uniquely identified by SIDs, which are strings starting with S-1- and can be formatted as human-readable strings such as NT AUTHORITY\SYSTEM for S-1-5-18.

Whoever came up with this design for Windows NT was aiming to make it rather general-purpose: There are universal well-known SIDs, which are meaningful on all secure systems using this security model, including operating systems other than Windows. In addition, there are well-known SIDs that are meaningful only on Windows systems.

They came up with a few universal authorities, like SECURITY_WORLD_SID_AUTHORITY (S-1-1), which produces only one SID, S-1-1-0, meaning "Everyone", but the majority of the SIDs in use start with S-1-5 - the prefix for the "NT authority", used to produce SIDs in the NT-based operating systems (i.e.

You might assume at this point that the SIDs starting with S-1-5 are displayed as NT AUTHORITY\, but it ain't so - many of the subbranches have their own prefixes in the human-readable form, for example:

- S-1-5-21-domainID- is for custom Active Directory domains (MYDOMAIN\.).
- S-1-5-80-serviceHash is for NT SERVICE\(service name).

Well-known SIDs which are not grouped together under some other name are sometimes displayed with the NT AUTHORITY\ prefix, e.g.:

- NT AUTHORITY\LocalService (S-1-5-19, also displayed as simply "LOCAL SERVICE") "is a predefined local account used by the service control manager. [...] has minimum privileges on the local computer and presents anonymous credentials on the network"
- NT AUTHORITY\NetworkService (S-1-5-20, also displayed as simply "NETWORK SERVICE") "is a predefined local account used by the service control manager. [...] has minimum privileges on the local computer and acts as the computer on the network."
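The SID branches and display prefixes described here, as an added Python example that is not part of the original page. It assumes the serviceHash in an S-1-5-80 SID is the SHA-1 of the upper-cased UTF-16LE service name read as five little-endian 32-bit values; the function names `parse_sid`, `service_sid` and `describe` and the sample SIDs are constructed for illustration.

```python
import hashlib
import struct

# Display names for the well-known SIDs quoted in the text.
WELL_KNOWN = {
    "S-1-1-0": "Everyone",
    "S-1-5-18": "NT AUTHORITY\\SYSTEM",
    "S-1-5-19": "NT AUTHORITY\\LOCAL SERVICE",
    "S-1-5-20": "NT AUTHORITY\\NETWORK SERVICE",
}

def parse_sid(sid):
    """Return (authority, [sub-authorities]) for a string SID 'S-1-a-s1-s2...'."""
    parts = sid.strip().upper().split("-")
    if len(parts) < 3 or parts[:2] != ["S", "1"] or not all(p.isdecimal() for p in parts[2:]):
        raise ValueError("not a revision-1 SID: %r" % sid)
    numbers = [int(p) for p in parts[2:]]
    return numbers[0], numbers[1:]

def service_sid(service_name):
    """Assumed derivation of S-1-5-80-<hash>: SHA-1 of the upper-cased UTF-16LE
    service name, read as five little-endian 32-bit sub-authorities."""
    digest = hashlib.sha1(service_name.upper().encode("utf-16-le")).digest()
    return "S-1-5-80-" + "-".join(str(n) for n in struct.unpack("<5I", digest))

def describe(sid, candidate_services=()):
    """Map a SID to the display form its branch uses (only branches named in the text)."""
    authority, subs = parse_sid(sid)
    canonical = "-".join(["S", "1", str(authority)] + [str(n) for n in subs])
    if canonical in WELL_KNOWN:
        return WELL_KNOWN[canonical]
    if authority == 5 and subs[:1] == [21]:
        return "MYDOMAIN\\<account> (S-1-5-21 domain branch)"
    if authority == 5 and subs[:1] == [80]:
        # The hash is one-way: a name is recovered only by hashing candidate names.
        for name in candidate_services:
            if service_sid(name) == canonical:
                return "NT SERVICE\\" + name
        return "NT SERVICE\\<unknown service>"
    return "unmapped SID under authority %d" % authority

if __name__ == "__main__":
    # Constructed sample input: SIDs as they might appear in an ACL dump.
    for sid in ("S-1-1-0", "S-1-5-18", "S-1-5-20", service_sid("BITS"), "S-1-5-32-544"):
        print(sid, "->", describe(sid, candidate_services=("BITS", "TrustedInstaller")))
```

Because the service hash cannot be reversed, resolving an S-1-5-80 SID found in an ACL or log means hashing the names of the services installed on that host and comparing.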