-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Avoid lookups for rights of 'LocalSystem' in windows service #7083
Conversation
5b0fed7
to
c446755
Compare
@stuartpreston
versus:
|
|
The right adds fine with
|
So TIL, I had assumed that all three of these special accounts would have the same behavior when assigning tokens but clearly not. I agree with you about not making too many assumptions. Thanks @btm |
LocalSystem is a special account for the service subsystem, and the security subsystem doesn't know about it. It inherits rights from BUILTIN\Administrators so we don't need to check it for SeServiceLogonRight. Even if we look up System it wouldn't show up as it gets that right from hidden membership in BUILTIN\Administrators. Signed-off-by: Bryan McLellan <btm@loftninjas.org>
c446755
to
0698cce
Compare
+1 on this, fine for merge |
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
LocalSystem is a special account for the service subsystem, and the security
subsystem doesn't know about it. It inherits rights from BUILTIN\Administrators
so we don't need to check it for SeServiceLogonRight. Even if we look up System
it wouldn't show up as it gets that right from hidden membership in
BUILTIN\Administrators.