On 2 February 2010 21:48, Laird Nelson <ljnel...@gmail.com> wrote: > OK; leery of running my Tomcat as the administrator, but am not up to speed > on which Windows users would be better choices. I naturally assumed that > the local user selected by default was appropriate.
LocalSystem can impersonate any user on the computer, but has no rights over the network. It's actually a very highly privileged account - if an application running as LocalSystem wanted to, it could impersonate the local Administrator account without requiring a password. There are a few niceties about what that impersonated Administrator account could do... but not many. If you doubt this, note that IIS runs as LocalSystem and uses impersonation to handle integrated login - it just sets the thread handling the request to the required identity before handling the request, and sets it back afterwards ;-). >> I believe you can also download resource kit from Microsoft that has tools >> that lets you watch all objects opened by a process ( so, look if Tomcat is >> even trying to open the file ). Its been a while, so don't recall tool >> sytax. Process Explorer ( http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx ) would be my weapon of choice here. - Peter --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org