Stay on top of the latest WS2K3 tips and tricks with our free Windows Server 2003 newsletter, delivered each Wednesday. Automatically sign up today!
One of the ways that Windows Server 2003
provides better security is by running services under less
privileged accounts when appropriate. For example, in previous
versions of Windows, many system services ran under the highly
privileged LocalSystem account. Services compromised while running
under this account could do just about anything.
Windows Server 2003 introduced two less
privileged accounts: Local Service and Network Service. Both
accounts have only slightly higher privilege levels than a typical
You can use Local Service for local system
services that don’t need full access to the system, and you can
employ Network Service for network-based services. Network Service
emulates a computer account in a domain.
By default, Windows Server 2003 limits both
services in what they can do and what they can access. These
restrictions help reduce the amount of damage that an intruder can
inflict with a compromised service.
Windows Server 2003 also reduces the number of
services started by default, which directly results in a more
secure system. When a system runs fewer services, it gives
potential hackers fewer options to compromise.