reg windows system and services

Ramamoorthy, Srinath (ext) 31 Reputation points
2022-08-17T07:23:02.883+00:00

Hi
I have a C++ program for a Windows PC.

TASK Manager -> DETAILS

which has Name, PID, Status, User Name and so on

I would like to run the program sometimes as a
Username:
SYSTEM or LOCAL SERVICE or NETWORK SERVICE

What are the uses of the above 3, and why is the LocalSystem account (dangerous, don't use!)?

https://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco

Currently it is running with my username z000###

How can I decide which one to use ?

Are SYSTEM and LocalSystem the same?

How is it related to the firewall in Windows 10?


9 answers

  1. Bruno van Dooren 21 Reputation points
    2022-08-17T09:53:22.01+00:00

    SYSTEM or LOCAL SERVICE or NETWORK SERVICE

    What are the uses of the above 3, and why is the LocalSystem account (dangerous, don't use!)?

    LocalSystem is dangerous because it is literally the account of the computer system itself. It has no restrictions. Everything that runs as SYSTEM is running as if the operating system itself is doing it. This means that 1) if the program does something wrong, it can destroy the system and 2) if the application has a vulnerability, an attacker can use that to execute malicious code with system permissions.

    LocalService has a lot less permissions and has no permissions to use the network (or rather, it is anonymous which means on most networks it is not allowed).

    NetworkService is similar in that it has a lot less permissions, but it can act on the network.

    If you create things as SYSTEM, be very careful. There are various Windows attacks that abuse system permissions of badly configured apps.

    If you run your exe from the command line, then it will run with your own credentials. Preventing a 2nd instance from running is simple. When your application starts, it can acquire a mutex of a given name (use a GUID for the name).

    Here is an example of using a mutex.
    https://learn.microsoft.com/en-us/windows/win32/sync/using-mutex-objects
    From the documentation:

    If the mutex is a named mutex and the object existed before this function call, the return value is a handle to the existing object, and the GetLastError function returns ERROR_ALREADY_EXISTS.

    So you just have to check the error value to know if an instance is already running or not.

    1 person found this answer helpful.

  2. RLWA32 40,021 Reputation points
    2022-08-17T11:53:03.437+00:00

    mutex Not Working:
    First time start as a service -> running (User name -> SYSTEM)
    second time start as a CMD -> running (DUPLICATE need to block ) (User name -> Z00####)

    There are two issues that need to be addressed. First, Windows Services run in session 0 and a mutex created by a service will be created in the Global Namespace. So an application running in an interactive session needs to use the "Global\" prefix when specifying the name of the mutex. The second issue is security. The default security descriptor for a mutex created by a service running as SYSTEM will not grant access to your interactive user account. When the service creates the mutex it must also adjust the default security descriptor to grant the desired access to the user account.

    1 person found this answer helpful.
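
The check described in the two answers above (a named mutex whose creation reports ERROR_ALREADY_EXISTS, placed in the Global namespace with a security descriptor that lets the interactive user open it), as an added example that is not code from the thread. The GUID is a constructed placeholder, the function names and the SDDL string are assumptions of this example, and the Win32 calls are compiled only on Windows (link Advapi32.lib).

```cpp
#include <string>
#ifdef _WIN32
#include <windows.h>
#include <sddl.h>
#endif

// Constructed placeholder; generate a GUID of your own for the real name.
static const wchar_t kInstanceGuid[] = L"{00000000-0000-0000-0000-000000000000}";

// The "Global\" prefix names the object in the namespace shared by
// session 0 (services) and every interactive session.
std::wstring InstanceMutexName() {
    return std::wstring(L"Global\\") + kInstanceGuid;
}

// DACL in SDDL: SYSTEM (SY) and Administrators (BA) get full access;
// interactive users (IU) get SYNCHRONIZE (0x00100000) only, enough to open
// and wait on the object but not to change its security descriptor.
std::wstring InstanceMutexSddl() {
    return L"D:(A;;GA;;;SY)(A;;GA;;;BA)(A;;0x00100000;;;IU)";
}

enum class Instance { First, AlreadyRunning, Error };

#ifdef _WIN32
// Call once at startup and keep *mutex open for the life of the process.
Instance ClaimSingleInstance(HANDLE* mutex) {
    PSECURITY_DESCRIPTOR sd = nullptr;
    if (!ConvertStringSecurityDescriptorToSecurityDescriptorW(
            InstanceMutexSddl().c_str(), SDDL_REVISION_1, &sd, nullptr))
        return Instance::Error;
    SECURITY_ATTRIBUTES sa = { sizeof(sa), sd, FALSE };
    // Ask only for SYNCHRONIZE: CreateMutex requests MUTEX_ALL_ACCESS and
    // fails with ERROR_ACCESS_DENIED when the existing DACL grants less.
    *mutex = CreateMutexExW(&sa, InstanceMutexName().c_str(), 0, SYNCHRONIZE);
    DWORD err = GetLastError();  // read before any other API call
    LocalFree(sd);
    if (*mutex != nullptr)
        return err == ERROR_ALREADY_EXISTS ? Instance::AlreadyRunning
                                           : Instance::First;
    // The name exists but its DACL denies us: another instance holds it.
    return err == ERROR_ACCESS_DENIED ? Instance::AlreadyRunning
                                      : Instance::Error;
}
#endif
```

Both the service and the command-line start call ClaimSingleInstance at startup and exit unless it returns Instance::First.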

  3. Castorix31 81,461 Reputation points
    2022-08-17T07:31:43.9+00:00

    Create a service with CreateService and lpServiceStartName with SERVICE_INTERACTIVE_PROCESS, NT AUTHORITY\NetworkService or other
    (The Complete Service Sample)
    (Service User Accounts)


  4. Ramamoorthy, Srinath (ext) 31 Reputation points
    2022-08-17T08:00:38.873+00:00

    Thank you for the answer. I already did the services part and it's working well.

    It is showing User name -> SYSTEM while running as a service.

    But when I run as a CMD .cpp User name -> Z00####

    I would like to block the duplicate .cpp program while running as a CMD

    https://www.codeproject.com/Articles/499465/Simple-Windows-Service-in-Cplusplus


  5. Ramamoorthy, Srinath (ext) 31 Reputation points
    2022-08-17T11:13:29.74+00:00

    Thank you for the answer.

    I already implemented the mutex

    mutex Working:
    it is working for 2nd time when I start the .exe only when I start in CMD (User name -> Z00####) 1st time start -> running and 2nd Time start-> mutex --ERROR_ALREADY_EXISTS

    mutex Not Working:
    First time start as a service -> running (User name -> SYSTEM)
    second time start as a CMD -> running (DUPLICATE need to block ) (User name -> Z00####)
