What does it mean to grant/set permissions for NETWORK SERVICE on a network share?
I'm confused about how the NETWORK SERVICE account (group?) works on network shares:
On one hand, NETWORK SERVICE is generally described as an account that's local to a given machine. (See, e.g. here on serverfault or in Microsoft's Access Control in IIS 6.0 document.) So it's not a domain-wide account. And, for instance, if a process running under NETWORK SERVICE on SERVERA tries to request a resource on SERVERB, the authentication won't be under some hypothetical MYDOMAIN\NETWORK SERVICE, but rather under MYDOMAIN\SERVERA$. (The latter is known as SERVERA's "computer account".)
On the other hand, I've noticed I can go to a remote file share where I have admin rights, and set permissions on a particular directory for NETWORK SERVICE. (e.g. I can go to \\MYSHARE in Windows Explorer, right-click one of the directories, go to Security > Edit > Add, type "NETWORK SERVICE" in the "Enter the object names to select" box and click OK. Now I have a new NETWORK SERVICE entry in the list of "Group or user names", and I can change the permissions for it, just like I might change permissions for the "Users" group.)
If NETWORK SERVICE is strictly a machine-by-machine account, I don't understand what is supposed to happen when I create a set of permissions for NETWORK SERVICE on a remote share. Does that entry refer to NETWORK SERVICE on one particular (unspecified) machine? To judge by the icon, the permissions are technically for a NETWORK SERVICE group, rather than a NETWORK SERVICE user. But I can't seem to find any documentation for a NETWORK SERVICE group or how it might work compared to a regular domain group.
My only guess so far is that, if you grant access to the NETWORK SERVICE group (assuming there is such a thing), this amounts to granting access to all the "computer accounts" on the whole domain. (That is, giving permissions to NETWORK SERVICE on a central file server would be the same as giving permissions to MYDOMAIN\SERVERA$, MYDOMAIN\SERVERB$, MYDOMAIN\SERVERC$. MYDOMAIN\MYLASTSERVER$.)
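
An added example (not part of the original question) that lists a directory's ACL entries by SID, so the two kinds of trustee discussed above can be told apart: NETWORK SERVICE is stored as the well-known SID S-1-5-20, which is the same value on every machine, while a computer account such as MYDOMAIN\SERVERA$ is stored as an account SID issued by the domain. The path is a hypothetical placeholder.

```powershell
# Added example: list a directory's ACEs by SID to see which trustees are
# well-known SIDs (identical on every machine) and which are domain accounts.
# $Path is an assumption; point it at the directory being inspected.
param(
    [string]$Path = '\\MYSHARE\SomeDirectory'   # hypothetical path
)

$sidType = [System.Security.Principal.SecurityIdentifier]
$ntType  = [System.Security.Principal.NTAccount]
$networkService = [System.Security.Principal.WellKnownSidType]::NetworkServiceSid

$acl = Get-Acl -LiteralPath $Path

# Ask for trustees as raw SIDs, which is how the ACL stores them.
$rules = $acl.GetAccessRules($true, $true, $sidType)

$report = foreach ($rule in $rules) {
    $sid = $rule.IdentityReference

    # Name resolution can fail for orphaned or foreign SIDs; keep the SID then.
    try   { $name = $sid.Translate($ntType).Value }
    catch { $name = '(unresolved)' }

    if ($sid.IsWellKnown($networkService)) {
        $kind = 'Well-known NETWORK SERVICE SID (S-1-5-20, no domain or machine part)'
    }
    elseif ($sid.IsAccountSid()) {
        # S-1-5-21-<domain or machine id>-<RID>: users, groups, computer accounts
        $kind = "Account SID issued by $($sid.AccountDomainSid)"
    }
    else {
        $kind = 'Other well-known or built-in SID'
    }

    [pscustomobject]@{
        Sid       = $sid.Value
        Name      = $name
        Kind      = $kind
        Rights    = $rule.FileSystemRights
        Type      = $rule.AccessControlType
        Inherited = $rule.IsInherited
    }
}

$report | Format-Table -AutoSize -Wrap
```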