Core ReactOS
  1. Core ReactOS
  2. CORE-12541

Improve support for system builtin accounts LocalSystem, LocalService and NetworkService

    Details

    • Type: Bug Bug
    • Status: In Progress In Progress
    • Priority: Major Major
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: RosDlls, Security
    • Labels:
      None

      Description

      Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

      Additional observations (I don't care about Windows NT <= 4):

      • Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
      • In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts (eg. rpcss) are started, neither "D&S\LocalService" nor "D&S\NetworkService" profiles are created yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. The "System32\config\systemprofile" is created/migrated at the end of the 2nd stage. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
      • Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
      • Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
      • So that I infer that all the "generic" stuff ("D&S\Default User" and "D&S\All Users") is indeed set up at 2nd stage, while LocalService/NetworkService and SYSTEM still do not have a proper profile set up yet, but starting 3rd stage, userenv can correctly set up the profiles for those accounts whenever they are loaded.

        Issue Links

          Activity

          HBelusca
          made changes -
          Field Original Value New Value
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .
          HBelusca
          made changes -
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco . Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor be used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services Under Local/NetworkService account can be started, neither D&S\LocalService nor D&S\NetworkService nor System32\config\systemprofile do exist. It appears D&S\All Users and D&S\Default User are initialized there. Note that System32\config\systemprofile replaces WIn2k's D&S\SYSTEM (meaning that this new path is hardcoded as a special case in userenv.dll).
          HBelusca
          made changes -
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor be used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services Under Local/NetworkService account can be started, neither D&S\LocalService nor D&S\NetworkService nor System32\config\systemprofile do exist. It appears D&S\All Users and D&S\Default User are initialized there. Note that System32\config\systemprofile replaces WIn2k's D&S\SYSTEM (meaning that this new path is hardcoded as a special case in userenv.dll).
          Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" nor "System32\config\systemprofile" profiles do exist yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          HBelusca
          made changes -
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" nor "System32\config\systemprofile" profiles do exist yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" nor "System32\config\systemprofile" profiles do exist yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          HBelusca
          made changes -
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" nor "System32\config\systemprofile" profiles do exist yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" profiles are created yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. The "System32\config\systemprofile" is created/migrated at the end of the 2nd stage. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          HBelusca
          made changes -
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" profiles are created yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. The "System32\config\systemprofile" is created/migrated at the end of the 2nd stage. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" profiles are created yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. The "System32\config\systemprofile" is created/migrated at the end of the 2nd stage. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          - So that I infer that all the "generic" stuff ("D&S\Default User" and "D&S\All Users") is indeed set up at 2nd stage, while LocalService/NetworkService and SYSTEM still do not have a proper profile set up yet, but starting 3rd stage, userenv can correctly set up the profiles for those accounts whenever they are loaded.
          HBelusca
          made changes -
          Description Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts can be started, neither "D&S\LocalService" nor "D&S\NetworkService" profiles are created yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. The "System32\config\systemprofile" is created/migrated at the end of the 2nd stage. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          - So that I infer that all the "generic" stuff ("D&S\Default User" and "D&S\All Users") is indeed set up at 2nd stage, while LocalService/NetworkService and SYSTEM still do not have a proper profile set up yet, but starting 3rd stage, userenv can correctly set up the profiles for those accounts whenever they are loaded.
          Some extra details about those accounts: http://stackoverflow.com/questions/510170/the-difference-between-the-local-system-account-and-the-network-service-acco .

          Additional observations (I don't care about Windows NT <= 4):
          - Windows 2k has all the profiles under "Documents and Settings" (hereafter, "D&S"), y compris SYSTEM (however, no LocalService nor NetworkService accounts do exist nor are used by services themselves).
          - In Windows 2k(3) installation, 2nd stage (GUI), even if services under Local/NetworkService accounts (eg. rpcss) are started, neither "D&S\LocalService" nor "D&S\NetworkService" profiles are created yet. It appears that "D&S\All Users" and "D&S\Default User" are initialized there. The "System32\config\systemprofile" is created/migrated at the end of the 2nd stage. Note that "System32\config\systemprofile" replaces Win2k's "D&S\SYSTEM", meaning that this new path is hardcoded as a special case in userenv.dll .
          - Currently ReactOS behaves more like Win2k in this matter (presence of "D&S\SYSTEM" and no (at least working) Local/NetworkService accounts (and their profiles)).
          - Win2k3's syssetup.dll calls ordinal-only (#155) "CopySystemProfile" function in userenv.dll to migrate Win2k's "D&S\SYSTEM" profile to "System32\config\systemprofile".
          - So that I infer that all the "generic" stuff ("D&S\Default User" and "D&S\All Users") is indeed set up at 2nd stage, while LocalService/NetworkService and SYSTEM still do not have a proper profile set up yet, but starting 3rd stage, userenv can correctly set up the profiles for those accounts whenever they are loaded.
          Show
          HBelusca
          added a comment - https://www.codeproject.com/Articles/6443/GUI-Based-RunAsEx
          HBelusca
          made changes -
          Epic Link CORE-12279 [ 28165 ]
          HBelusca
          made changes -
          Module userenv
          Component/s RosDlls [ 10209 ]
          Component/s Security [ 10210 ]
          HBelusca
          made changes -
          Status Untriaged [ 10000 ] Open [ 1 ]
          HBelusca
          made changes -
          Status Open [ 1 ] In Progress [ 3 ]
          HBelusca committed 73486 (1 file)
          Reviews: none

          [SERVICES]: Add a *temporary* hack, as part of CORE-12541 and CORE-12279, that manually creates and loads the "LocalService" and "NetworkService" accounts and user profiles (and their registry hives), inspired from code from userenv.dll . This is done here until services can be correctly logged into the "LocalService" or "NetworkService" accounts (Eric is working on that), and their user profiles automatically properly created. When this is OK the hack will be removed and a proper call to "LoadUserProfile" in the code will be done where needed.

          Hide
          HBelusca
          added a comment - - edited

          [SERVICES]: Add a temporary hack, as part of CORE-12541 and CORE-12279, that manually creates and loads the "LocalService" and "NetworkService" accounts and user profiles (and their registry hives), inspired from code from userenv.dll . This is done here until services can be correctly logged into the "LocalService" or "NetworkService" accounts (Eric is working on that), and their user profiles automatically properly created. When this is OK the hack will be removed and a proper call to "LoadUserProfile" in the code will be done where needed.
          r73486

          [SERVICES]: Addendum to r73486: Start all services within LocalSystem account as a temporary measure in trunk until we completely support per-service account logging.
          CORE-12541, CORE-12279
          r73487

          Show
          HBelusca
          added a comment - - edited [SERVICES] : Add a temporary hack, as part of CORE-12541 and CORE-12279 , that manually creates and loads the "LocalService" and "NetworkService" accounts and user profiles (and their registry hives), inspired from code from userenv.dll . This is done here until services can be correctly logged into the "LocalService" or "NetworkService" accounts (Eric is working on that), and their user profiles automatically properly created. When this is OK the hack will be removed and a proper call to "LoadUserProfile" in the code will be done where needed. r73486 [SERVICES] : Addendum to r73486: Start all services within LocalSystem account as a temporary measure in trunk until we completely support per-service account logging. CORE-12541 , CORE-12279 r73487
          HBelusca committed 73487 (1 file)
          Reviews: none

          [SERVICES]: Addendum to r73486: Start all services within LocalSystem account as a temporary measure in trunk until we completely support per-service account logging.
          CORE-12541, CORE-12279

          reactosfanboy
          made changes -
          Link This issue is blocked by CORE-12613 [ CORE-12613 ]
          reactosfanboy
          made changes -
          Link This issue is blocked by CORE-12614 [ CORE-12614 ]
          Hide
          HBelusca
          added a comment -

          Eric Kohl committed improvements for CreateUserProfile(Ex)[A/W] in r73493.

          Show
          HBelusca
          added a comment - Eric Kohl committed improvements for CreateUserProfile(Ex) [A/W] in r73493.
          HBelusca
          made changes -
          Comment [ test ]

            People

            • Assignee:
              HBelusca
              Reporter:
              HBelusca
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: