LocalSystem has full control over the local machine, and can authenticate as machinename$ to remote machines (which is what would be required for services that are running as LocalSystem but need to access remote machines, without some proxy process). Additionally for LocalSystem to access shares on the same machine, it would still have full control (unless you change the perms). Anyhoo, the previous is merely technical limitations - i.e. what is possible. Am still curious to know why it shouldn't have that access.
Cheers Ken -----Original Message----- From: Kurt Buff [mailto:[email protected]] Sent: Tuesday, 14 June 2011 10:41 PM To: NT System Admin Issues Subject: Re: User accounts for shared folders I expected that System would have access to shares because they are normally for network access, and according to everything I've read, System doesn't have that. AFAIK, System is only for access to resources local to the machine. Someone else noted that System is used in DFS (FRS), which is surprising to me, but I don't think he'd be joshing me, so I believe him, because I have never had cause to use DFS. Now, if System can access shares that are local to the machine, that's perhaps not quite as surprising, but does seem a fairly odd way of doing things. Kurt On Tue, Jun 14, 2011 at 04:45, Ken Schaefer <[email protected]> wrote: > Why shouldn't "system" talk to shares? > > Cheers > Ken > > -----Original Message----- > From: Kurt Buff [mailto:[email protected]] > Sent: Tuesday, 14 June 2011 3:55 AM > To: NT System Admin Issues > Subject: Re: User accounts for shared folders > > Why would you do that, when System isn't supposed to be able to talk to > shares? Has something changed drastically in later versions of of Windows, > that is, after Win2k3? > > On Mon, Jun 13, 2011 at 12:45, Crawford, Scott <[email protected]> wrote: >> System on share permissions may be rare, but its certainly not out of the >> question. I've got share permissions that specify System. >> >> -----Original Message----- >> From: Kurt Buff [mailto:[email protected]] >> Sent: Monday, June 13, 2011 2:42 PM >> To: NT System Admin Issues >> Subject: Re: User accounts for shared folders >> >> On Mon, Jun 13, 2011 at 10:57, Tammy Stewart <[email protected]> >> wrote: >>> Ran into something interesting today t-shooting a virus issue on a network. >>> >>> On every share there is no system account listed. Only Domain admins >>> & domain users. >>> >>> My google kung-fu seems to be lacking today but is there >>> anything/reason why the system account would not show up? >>> >>> System account does exist on the machine – non shared directories have it. >>> Just the shares that seem affected. >>> >>> Windows 2003 domain (if that makes any difference) >>> >>> Not just the system with infected files on the shares – all the >>> servers are like this including clean ones (that have not been >>> touched by the virus yet) >>> >>> Anyone have any kb articles or something I can look at that would >>> explain this? (and hopefully put them back to normal) >>> >>> Thanks! >>> >>> Tammy ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
