Windows apps
Collapse the table of content
Expand the table of content
Information
The topic you requested is included in another documentation set. For convenience, it's displayed below. Choose Switch to see the topic in its original location.

Guidelines for Selecting a Service Logon Account

A Win32-based service can run in the security context of a local user account, a domain user account, or the LocalSystem account. To decide which account to use, an administrator should install the service with the minimum set of permissions required to perform the service operations. In a typical directory-enabled service, this means the service installer should create a domain user account for the service and grant that account the specific access rights and privileges required by the service at run time. A service should only run under the LocalSystem account if the service requires administrative privileges or must act as part of the operating system on the local computer.

Be aware that the service installer should, by default, set up the service to run under a domain user account. To run the service under the LocalSystem account, the service installer should query the administrator for permission to do so.

For more information about descriptions, advantages, and disadvantages of each account type, see:

 

 

Show:
© 2017 Microsoft