I am wondering why the Local and Network Service user accounts appear outside of my computer's folder.
In the image I linked below I show the Select User panel that pops up after we've entered the security tab of a file/service's properties > Advanced > "Change" link next to the current owner's username > "Select User or Group" pop up, click Advanced one more time > Another "Select User or Group" window pops up > click the "Find Now" button, and a list of users comes up. The list of users has two columns, "Name" and "In Folder."
In the linked image, all users appear to be "In Folder" DESKTOP-myPC, with the exception of Local Service and Network Service; these have a blank folder, or no folder.
Name               | In Folder
-------------------+--------------
Administrator      | DESKTOP-MyPC
DefaultAccount     | DESKTOP-MyPC
LOCAL SERVICE      |
NETWORK SERVICE    |
MyAccount          | DESKTOP-MyPC
WDAGUtilityAccount | DESKTOP-MyPC
What is the meaning of this? Or why is it that these two accounts are not in the DESKTOP-myPC folder?
Best Answer
Accounts like "MyAccount" or "Administrator" are domain-specific; they have SIDs unique to each domain. (When the computer isn't in a central domain, it acts like it is its own domain, so the SIDs are then unique to each computer.)
In other words, MyPC\Administrator on one computer (with SID S-1-5-1234-2345-3456-500) is different from FriendPC\Administrator on another computer (with SID S-1-5-9876-8765-7654-500), and if you add your local Administrator to the ACL of some file on a USB stick, it won't be recognized on other systems.
Meanwhile, built-in principals like "LOCAL SERVICE" are not domain-specific; instead they're in a virtual "NT AUTHORITY" domain, and each of them has the same fixed SID everywhere.
For example, NT AUTHORITY\LOCAL SERVICE is always S-1-5-19 on any system. If you add it to a file's ACL, it'll be recognized as LOCAL SERVICE anywhere the file goes. (It's a bit like "localhost", where each machine has its own 127.0.0.1.)
Take a look at these pages:
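The distinction described in the answer can be checked on your own machine. The following PowerShell is an added example, not part of the original answer; Get-SidScope is a hypothetical helper name, and the output depends on the computer it runs on. It lists each local account next to the issuer portion of its SID, which is empty for LOCAL SERVICE and NETWORK SERVICE, mirroring the blank "In Folder" column.

```powershell
# Rebuilds the "Name / In Folder" view from SIDs instead of the picker dialog.
# Added example; Get-SidScope is a hypothetical helper, not a built-in cmdlet.
# Requires Windows PowerShell 5.1 or later (Get-LocalUser).

function Get-SidScope {
    param([Parameter(Mandatory)][string]$SidString)

    $sid = [System.Security.Principal.SecurityIdentifier]::new($SidString)

    # AccountDomainSid is the issuing machine/domain part of an account SID.
    # It is $null for built-in principals such as S-1-5-19, which have no
    # per-machine issuer prefix.
    $issuer = $sid.AccountDomainSid

    # Translate() asks the local system for the DOMAIN\name form of the SID.
    try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
    catch [System.Security.Principal.IdentityNotMappedException] { $name = '<unresolved>' }

    [pscustomobject]@{
        Account   = $name
        Sid       = $sid.Value
        IssuerSid = if ($issuer) { $issuer.Value } else { '' }
        Scope     = if ($issuer) { 'machine- or domain-specific' } else { 'same on every system' }
    }
}

# Fixed SIDs taken from the WellKnownSidType enum rather than typed by hand.
$wellKnown = 'LocalServiceSid', 'NetworkServiceSid' | ForEach-Object {
    [System.Security.Principal.SecurityIdentifier]::new(
        [System.Security.Principal.WellKnownSidType]$_, $null).Value
}

# Local accounts: each SID carries this computer's own identifier plus a RID.
$local = Get-LocalUser | ForEach-Object { $_.SID.Value }

@($local) + @($wellKnown) |
    ForEach-Object { Get-SidScope -SidString $_ } |
    Format-Table -AutoSize
```

When auditing an ACL on removable media, an entry whose Account column shows `<unresolved>` was issued by a different machine or domain, while the NT AUTHORITY entries resolve on any Windows system.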