Local Service and Network Service are special security principals in Windows Server 2003 and Windows XP designed to address the security issues discussed in Access Denied, "Running Services Under SYSTEM or Administrator," August 2005. In earlier versions of Windows, most system services run under the powerful SYSTEM (aka Local System) account. Because most services don't need SYSTEM-level authority, Microsoft created the two new principals with less authority than SYSTEM and reconfigured many of the services on Windows 2003 and XP to run as either Local Service or Network Service.

Both principals have minimal authority on the local computer—basically the same authority as an unprivileged user account—and the Logon as a service right, which any service account requires. The principals differ in how they handle a service's attempts to access resources on other Windows computers on the network. A service running under Network Service is authenticated to other computers on the network by using the computer's account in the domain. For instance, if the service on acmeserver1 tries to access a shared folder on acme\server2, server2 will allow or deny access based on the permissions server1 has to the folder.

A service on server 1 that's running under the Local Service principal and that tries to access the folder on server2 is seen as an anonymous connection attempt that is or isn't allowed depending on the policy of server2. The benefit of running services that don't require access to other computers under the Local Service principal is that an attacker who compromises the service will find it much more difficult to leverage that conquest to gain access to other systems on the network.