Network privileges of localsystem account in Windows
-
Is there any difference in the privileges of the 'localsystem' account under XP,2000 and 2003 server? We are launching a browser from an INTERACTIVE windows service (running under 'localsystem' account),and make it navigate to a url. The url in turns redirects to another page. This navigation/redirection is allowed in 2000 and XP ;but fails in 2003. Is this a result of difference in network privileges for localsystem account?
-
Is there any difference in the privileges of the 'localsystem' account under XP,2000 and 2003 server? We are launching a browser from an INTERACTIVE windows service (running under 'localsystem' account),and make it navigate to a url. The url in turns redirects to another page. This navigation/redirection is allowed in 2000 and XP ;but fails in 2003. Is this a result of difference in network privileges for localsystem account?
The LocalSystem account doesn't have network priv's. It also has it's own copy of the default IE configuration, which you CAN NOT CHANGE! Since Windows 2003 locks down IE access from the server to the otuside world, it's essentially crippled. You CAN NOT make any changes to it's configuration since you can not login as the LocalSystem account and change its settings. This should be done using other methods, not a browser control, and using an account setup specifically for your service without any interaction.
Dave Kreskowiak Microsoft MVP - Visual Basic
-
The LocalSystem account doesn't have network priv's. It also has it's own copy of the default IE configuration, which you CAN NOT CHANGE! Since Windows 2003 locks down IE access from the server to the otuside world, it's essentially crippled. You CAN NOT make any changes to it's configuration since you can not login as the LocalSystem account and change its settings. This should be done using other methods, not a browser control, and using an account setup specifically for your service without any interaction.
Dave Kreskowiak Microsoft MVP - Visual Basic
Thanks a lot for the help Dave. Since this same code works for 2000 and XP - are these restrictions only applicable to 2003? Is it possible for you to send links to any relevant documentation on this - because there seems to a distinct lack of documentation in this area.
-
Thanks a lot for the help Dave. Since this same code works for 2000 and XP - are these restrictions only applicable to 2003? Is it possible for you to send links to any relevant documentation on this - because there seems to a distinct lack of documentation in this area.
By default, on 2003 IE can't visit any web sites off the local machine. It's locked down very tightly. To find this out, all you have to do is logon locally to the servers console and launch IE yourself.
Dave Kreskowiak Microsoft MVP - Visual Basic
-
By default, on 2003 IE can't visit any web sites off the local machine. It's locked down very tightly. To find this out, all you have to do is logon locally to the servers console and launch IE yourself.
Dave Kreskowiak Microsoft MVP - Visual Basic
-
Hi Dave, What did you mean by 'logon locally to the servers console' ? Is there some way possible to logon to a console with the 'localsystem' account privileges - to simulate the bhaviour?
That means logon to the server at it's keyboard and mouse. As I already said, it's impossible to logon to the server using that account.
Dave Kreskowiak Microsoft MVP - Visual Basic
-
That means logon to the server at it's keyboard and mouse. As I already said, it's impossible to logon to the server using that account.
Dave Kreskowiak Microsoft MVP - Visual Basic
Sorry for the misunderstanding Dave. Is there some write-up(or search terms) on the 2003 restrictions that you mentioned related to IE settings? I have searched a lot but do not find adequate documentation on the way 2003 'localsystem' locks IE up. Unfortunately,i would require some write-up to back me up on this arguement. It will be a great help - thanks again for your support.
-
Sorry for the misunderstanding Dave. Is there some write-up(or search terms) on the 2003 restrictions that you mentioned related to IE settings? I have searched a lot but do not find adequate documentation on the way 2003 'localsystem' locks IE up. Unfortunately,i would require some write-up to back me up on this arguement. It will be a great help - thanks again for your support.
I don't have anything on it. Your search can't find anything because you're focused on the LocalSystem account. Don't. Just search for the default locked down IE setup on 2003. At the very least, it's documented in the Windows Server 2003 Reosurce Kit.
Dave Kreskowiak Microsoft MVP - Visual Basic