Hello All,
In our organization, we have a strict policy of users accessing any server via an AD group, which is added under the specific server's local admin group, with the user accounts added under the AD group. Any accounts which are added directly under the local admin group (except a few whitelisted ones) throw an alert ticket for the support team.
Yesterday, we got an alert that the system account 'NT Authority\NetworkService' was added under the local admin group of the server. When we verified with the users, they were completely unaware of the scenario. After an hour or two, the account automatically disappeared from the group. We tried to check the logs to see if someone had manually added the account to the group, but could not find any details.
Please help me to understand how these local system accounts work. Also, can these system accounts get added to the admin group automatically via any services for the purpose of some task and be auto-removed once it is done?
Thanks a lot in advance.