First off, I wish to clarify that I have been browsing loads of questions regarding the "Local System" account and even though I feel enlightened about the properties of the account, none of them seem to explain my scenario.
I am deploying a service on a Windows Server 2008 of a customer. The machine has already been used for years for printer credits accounting and has an existing accounting system on it. My service is simply to interface with this accounting system.
The issue is that if I install my service as I would and have done on many other systems with the "Log on as: Local System account" in services.msc I get permissions related issues.
First of I've run it from cmd using various accounts "Administrator", "NT Authority\Network Service" and "NT Authority\System". None of them cause any issues. Which is especially odd for the last one.
It gets extra weird when I go into services.msc and switch to "This account", type in "nt authority\system" and suddenly it works perfectly. When I change it back to "Local System account" the issues presents itself again.
It should be noted that the machine is part of a workgroup of some sort and multiple of the print accounting services are running as users of a domain created by my customer. I don't know much more about their auth setup and I really thought I didn't have to.
How can there be a difference between "Log on as: Local System account" and "NT Authority\System"?
Best Answer
This article explains it well
They are two different things. The Local System Account should contain the token for
NT Authority\System
, so that doesn't explain why you're having issues, but there are certainly differences between the accounts. They are not synonymous for each other.This caveat could explain what you're seeing: