Chapter 28. How to Choose an Identity for a Daemon

When configuring a daemon's identity (Item 27), you'll need to either use one of the built-in logon sessions (Item 17) or create a custom account. I've summarized the differences between the built-in logons in Table 28.1.

Table 28.1. Choosing a built-in logon for a daemon

Name             Privilege Level   Network Credentials
SYSTEM           High              Yes
Network Service  Low               Yes
Local Service    Low               No

SYSTEM is like root on UNIX. It's all-powerful and is considered to be part of the trusted computing base (TCB). You should configure as little code as possible (preferably none) to run under this logon, as its compromise immediately compromises the entire machine. (When you're part of the TCB, you're trusted to enforce security policy ...
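One way to check an existing machine against Table 28.1 is to classify each service by its logon account and flag anything running as SYSTEM. This is an added example, not code from the book: the function name, the output property names and the sample services are hypothetical, and the account-name patterns assume the usual StartName spellings reported by Win32_Service.

```powershell
# Rows of Table 28.1, plus a pattern for how each logon appears in StartName.
$BuiltInLogons = @(
    [pscustomobject]@{ Name = 'SYSTEM';          Privilege = 'High'; NetCreds = 'Yes'
                       Pattern = '^(LocalSystem|(NT AUTHORITY\\)?SYSTEM)$' }
    [pscustomobject]@{ Name = 'Network Service'; Privilege = 'Low';  NetCreds = 'Yes'
                       Pattern = '^(NT AUTHORITY\\)?Network ?Service$' }
    [pscustomobject]@{ Name = 'Local Service';   Privilege = 'Low';  NetCreds = 'No'
                       Pattern = '^(NT AUTHORITY\\)?Local ?Service$' }
)

function Get-DaemonLogonClass {   # hypothetical helper name
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Service        # any object with Name and StartName properties
    )
    process {
        $account = [string]$Service.StartName
        # -match is case-insensitive, so 'NT Authority\localservice' also matches.
        $row = $BuiltInLogons |
            Where-Object { $account -match $_.Pattern } |
            Select-Object -First 1

        if ($row)          { $logon = $row.Name }
        elseif ($account)  { $logon = 'Custom account' }   # not a row in the table
        else               { $logon = 'Unknown (no StartName)' }

        [pscustomobject]@{
            Service            = $Service.Name
            StartName          = $account
            Logon              = $logon
            PrivilegeLevel     = if ($row) { $row.Privilege } else { 'n/a' }
            NetworkCredentials = if ($row) { $row.NetCreds }  else { 'n/a' }
            # SYSTEM is part of the TCB: every service here deserves a justification.
            ReviewAsTcb        = ($logon -eq 'SYSTEM')
        }
    }
}

# Constructed sample input so the example runs offline.
$sample = @(
    [pscustomobject]@{ Name = 'ExampleUpdater'; StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'ExampleProbe';   StartName = 'NT AUTHORITY\NetworkService' }
    [pscustomobject]@{ Name = 'ExampleLogger';  StartName = 'NT AUTHORITY\LocalService' }
    [pscustomobject]@{ Name = 'ExampleQueue';   StartName = '.\svc-queue' }
)
$sample | Get-DaemonLogonClass | Format-Table -AutoSize
```

To audit a live machine, pipe `Get-CimInstance -ClassName Win32_Service` into the same function in place of `$sample`.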
