0

Are "user name" and "user account" interchangeable, if yes, to what extent? What about displayed name and eg. client name? How local users vs. domain users come into play? What about services like LocalService, LocalSystem and NetworkService? (difference between the latter in The difference between the 'Local System' account and the 'Network Service' account?).

All the different ways an actor could access some level of control over an nt system?

Motivation: I'm interested in this so I can find the right functions to retrieve names from a service. Additionally from a security stand-point one would want to be clear.

What is the conceptual model related to accounts in windows nt?

Community
  • 1
  • 1
n611x007
  • 8,952
  • 8
  • 59
  • 102
  • 1
    The "real" immutable name of an NT user account is its [SID](http://en.wikipedia.org/wiki/Security_Identifier). The user name is just a string associated with the user account, and it can be changed. The built-in accounts are just accounts. They have [well known SIDs](http://support.microsoft.com/kb/243330). – arx Jul 09 '14 at 20:54
  • @arx: thanks! I added the `principal` tag. so are there different kind of security principals, "just accounts" being different from an "*user* account"? still checking out your links. – n611x007 Jul 10 '14 at 12:41
  • 1
    I wasn't intending to make a distinction between "accounts" and "user accounts". There are other kinds of security principals though. For example, computers in a domain or logon sessions (which get a temporary SID for the life of the session). SIDs are also used to implement integrity levels. – arx Jul 10 '14 at 13:06

1 Answers1

0

A user account has many more properties than just its name. Obviously, a password, but also specific privileges. _Not_part of the account are the rights to specific files; those are associated with the file not the account. Still, those right do refer to accounts

Your "client name" link points to Windows Terminal Services, and it also has a "client build" number. I don't know about your users, but ours are made 100% organic.

The "service" accounts aren't associated with humans, but they do group specific privileges and Access Control Lists may name them.

MSalters
  • 173,980
  • 10
  • 155
  • 350