Windows service running as network service - how does it authenticate? Breaking change in W2K8?
Posted
by Max
on Server Fault
See other posts from Server Fault
or by Max
Published on 2010-06-14T22:30:57Z
Indexed on
2010/06/14
22:33 UTC
Read the original article
Hit count: 329
A Windows service running as "Network Service" talks to services on other machines (here: SQL Server and Analysis Services), using Windows authentication. For authentication, we have to grant permissions to the machine account of the service. E.g. if service runs on server MYSERVER in domain MYDOMAIN, it'll authenticate itself as "MYDOMAIN\MYSERVER$". - Am I correct, so far?
Now here's my question: does this still apply when talking to a service on the SAME machine? Or will it authenticate with something like "NT AUTHORITY\Network Service" instead when connecting to a local service?
And: is there any chance this is a breaking change from Windows 2003 to Windows 2008? We're having an actual issue in our system where the account was able to connect to local services with only the machine account having permissions in W2K3. In W2K8, this doesn't seem to work anymore: authentication to local services now fails, but still works to remote machines.
© Server Fault or respective owner