I need to check if service account in the form of (xxx\yyy$) is an built-in network service account. One way I'm thinking is compare account name with "domainName\hostname$", it's networkservice account if equals; otherwise not.
I believe there's some simple API (C/C++) can help me. Anybody know it?
Thanks John. But from MSDN: The NetworkService account is a predefined local account used by the service control manager. This account is not recognized by the security subsystem, so you cannot specify its name in a call to the LookupAccountName function.
You need to compare the actual SID. The sids of these well-known users are declared.
See this page at Microsoft, where you will find:
SID: S-1-5-20
Name: NT Authority
Description: Network Service