Windows service running as network service - how does it authenticate? Breaking change in W2K8?

Posted by Max on Server Fault See other posts from Server Fault or by Max
Published on 2010-06-14T22:30:57Z Indexed on 2010/06/14 22:33 UTC
Read the original article Hit count: 329

A Windows service running as "Network Service" talks to services on other machines (here: SQL Server and Analysis Services), using Windows authentication. For authentication, we have to grant permissions to the machine account of the service. E.g. if service runs on server MYSERVER in domain MYDOMAIN, it'll authenticate itself as "MYDOMAIN\MYSERVER$". - Am I correct, so far?

Now here's my question: does this still apply when talking to a service on the SAME machine? Or will it authenticate with something like "NT AUTHORITY\Network Service" instead when connecting to a local service?

And: is there any chance this is a breaking change from Windows 2003 to Windows 2008? We're having an actual issue in our system where the account was able to connect to local services with only the machine account having permissions in W2K3. In W2K8, this doesn't seem to work anymore: authentication to local services now fails, but still works to remote machines.

© Server Fault or respective owner

Related posts about windows-server-2003

Related posts about windows-server-2008