[1] states the well-known fact (see also, for example, [2], etc.) that upon installation, i.e. in a workgroup, Windows has a LocalSystem (SYSTEM) account, of which:
"The LocalSystem account is a predefined local account that has extensive privileges on the local computer. This account is only available to system processes and does not have a password" [1]
And, [3] established:
'In Workgroups, the SID only has a meaning on the local workstation. When accessing another workstation, the SID is not transferred just the name. The 'Local System' can not access any other systems'
And then, as I understood, upon a machine, i.e. an MS Windows one, being joined to an AD (Windows Active Directory) domain [1]:
"Exchange Server 2003 services run under the LocalSystem account. This has the following security implications:"
- "The LocalSystem account (NT AUTHORITY\LocalSystem) always exists and has a random hexadecimal number as the password. This password changes automatically every seven days, so you do not need to create a services account in Active Directory before you install Exchange Server 2003 or change a services password at frequent intervals" [1]
Is the SYSTEM account's context on the network changed by joining the machine to AD, or is [3] incorrect?
Cited:
[1] Understanding Windows Services Architecture, http://technet.microsoft.com/en-us/library/aa998749(EXCHG.65).aspx
[2] LocalSystem Account, http://msdn.microsoft.com/en-us/library/ms684190.aspx
[3] sysadmin1138's answer to my question "Windows LocalSystem vs. System", http://serverfault.com/questions/168752/windows-localsystem-vs-system
My related questions (answers to which contradict each other):
- Is client LocalSystem (SYSTEM) identified by target/server machine? and in which context?
- how to check group membership of an “NT AUTHORITY\” account ?
- Does access to server resources require client process to login to server machine?
- Windows workgroup LocalSystem vs. domain (AD) LocalSystem [closed]
- how to better set up machine for development both in workgroup and Windows domain? [closed]
- interoperating with Windows domain computer from workgroup Windows [closed]
- the context of local user of AD-joined machine? Is it of domain machine account or of local machine account?
- RunAs under domain account from non-AD Windows [closed]
- Which Windows remote connections bypass LSA? and what r definitions of login vs. logon session?
- how to share the same domain machine account with multi-boot workgroup Windows setup?