Sql – Difference between “NT AUTHORITY\NETWORK SERVICE” and “NT AUTHORITY\SYSTEM”

installation, sql, sql-server-2008

I am installing MS SQL Server 2008 R2 and I got to the window where I have to set the service accounts. I want to know the difference between NT AUTHORITY\SYSTEM and NT AUTHORITY\NETWORK SERVICE. I tried to Google it, but I found no well-defined answer to this question, which I hope to find here.

Best Answer

It's all about the privileges that a Service User Account has.

The Local System account is a predefined local account that can start a service and provide the security context for that service. It is a powerful account that has full access to the computer, including the directory service when used for services running on domain controllers.

The Local Service account is a special built-in account that has reduced privileges similar to an authenticated local user account. This limited access helps safeguard the computer if an attacker compromises individual services or processes. A service that runs as the Local Service account accesses network resources as a null session; that is, it uses anonymous credentials. The actual name of the account is NT AUTHORITY\LocalService, and it does not have a password that an administrator needs to manage.

The Network Service account is a special built-in account that has reduced privileges similar to an authenticated user account. This limited access helps safeguard the computer if an attacker compromises individual services or processes. A service that runs as the Network Service account accesses network resources using the credentials of the computer account in the same manner as a Local System service does. The actual name of the account is NT AUTHORITY\NetworkService, and it does not have a password that an administrator needs to manage.

For example, the ASP.NET service runs under the NT AUTHORITY\NetworkService user, which does not have access to the file system.
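To check which of these accounts the SQL Server services on a machine actually run as, the following added example (not part of the original answer) lists them alongside the local access and network identity described above. The function name `Get-ServiceAccountProfile`, the service-name filter and the `Review` column are assumptions made for illustration.

```powershell
# Added example, requires PowerShell 3.0 or later (on 2.0, Get-WmiObject Win32_Service
# returns the same StartName property). Descriptions follow the answer above.
function Get-ServiceAccountProfile {
    param([string]$StartName)

    # Win32_Service reports Local System as "LocalSystem";
    # "NT AUTHORITY\SYSTEM" names the same account. Matching is case-insensitive.
    switch -Regex ("$StartName".Trim()) {
        '^(LocalSystem|NT AUTHORITY\\SYSTEM)$' {
            return [pscustomobject]@{ Account = 'Local System'
                LocalAccess = 'Full access to the computer'; NetworkIdentity = 'Computer account' }
        }
        '^NT AUTHORITY\\Network\s?Service$' {
            return [pscustomobject]@{ Account = 'Network Service'
                LocalAccess = 'Reduced privileges'; NetworkIdentity = 'Computer account' }
        }
        '^NT AUTHORITY\\Local\s?Service$' {
            return [pscustomobject]@{ Account = 'Local Service'
                LocalAccess = 'Reduced privileges'; NetworkIdentity = 'Anonymous (null session)' }
        }
        default {
            # Domain, local or virtual account: not one of the three built-in accounts.
            return [pscustomobject]@{ Account = 'Other'
                LocalAccess = 'Depends on the account'; NetworkIdentity = 'Depends on the account' }
        }
    }
}

# Assumed filter: the usual SQL Server service-name prefixes (default and named instances).
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match '^(MSSQL|SQLAgent|SQLSERVERAGENT|SQLBrowser|ReportServer)' } |
    ForEach-Object {
        $p = Get-ServiceAccountProfile -StartName $_.StartName
        [pscustomobject]@{
            Service         = $_.Name
            State           = $_.State
            RunsAs          = $_.StartName
            LocalAccess     = $p.LocalAccess
            NetworkIdentity = $p.NetworkIdentity
            # Flag the account with full access to the computer for a second look.
            Review          = ($p.Account -eq 'Local System')
        }
    } |
    Sort-Object Service |
    Format-Table -AutoSize
```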
