Network Service account
E705218
The Network Service account is a built-in Windows service account with limited local privileges that accesses network resources using the computer’s credentials.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf |
Windows built-in service account
ⓘ
service account ⓘ |
| accesses | network resources ⓘ |
| authenticationMethod | computer account credentials ⓘ |
| availableSince | Windows 2000 and later ⓘ |
| canAccess |
domain resources permitted to the computer account
ⓘ
network shares using computer account ⓘ |
| canBeUsedFor | services that require network access ⓘ |
| cannot |
be assigned a password by administrators
ⓘ
be used for remote interactive logon ⓘ |
| category |
Windows security principal
ⓘ
built-in identity ⓘ |
| configuredVia |
Services management console
ⓘ
service configuration APIs ⓘ |
| contrastedWith |
Local Service account
ⓘ
Local System account ⓘ custom domain service accounts ⓘ |
| defaultGroupMembership |
Authenticated Users (on remote systems)
ⓘ
Users (local) ⓘ |
| hasLocalPrivileges | limited ⓘ |
| hasLogonRight | Log on as a service ⓘ |
| hasProfile | no roaming user profile ⓘ |
| isBuiltIn | true ⓘ |
| isManagedBy | operating system ⓘ |
| logonName | NT AUTHORITY\NETWORK SERVICE NERFINISHED ⓘ |
| logonType | service logon ⓘ |
| networkIdentity | computer account in Active Directory ⓘ |
| notRecommendedFor |
applications requiring administrative privileges
ⓘ
interactive logon ⓘ |
| passwordExpiration | does not require manual password changes ⓘ |
| passwordManagement | password managed by operating system ⓘ |
| platform |
Windows
ⓘ
surface form:
Microsoft Windows
|
| privilegeLevel |
higher than Local Service account
ⓘ
lower than Local System account ⓘ |
| recommendedUse | services needing network access with limited local rights ⓘ |
| runsWith | minimal local privileges ⓘ |
| scopeOfUse |
background processes
ⓘ
services ⓘ |
| securityContext | least-privileged ⓘ |
| securityGoal | reduce attack surface compared to Local System ⓘ |
| SID | S-1-5-20 ⓘ |
| supports | domain authentication via computer account ⓘ |
| usedByDefaultFor | some Windows services ⓘ |
| usedIn |
domain environments
ⓘ
workgroup environments ⓘ |
| usesCredentialsOf |
local computer account
ⓘ
machine account ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.