What is the Difference Between Windows Administrator and Windows System Users
Asked Answered
S

2

11

Is there any privilege difference between the Windows Administrator User and the System User?

There have been some times, where I have to promote a cmd window to system privilege to delete some files. This may be due to files being locked by the system user, or the system user may have higher access, I'm hoping to find out if there is a privilege difference.

Selachian answered 24/1, 2013 at 17:43 Comment(1)
There's no inherent privilege difference (apart from a few rare edge cases which aren't relevant here) but there's nothing preventing a file's ACL from explicitly granting access to SYSTEM but not to Administrators.Parotitis
O
18

from Microsoft KB:

The system account and the administrator account (Administrators group) have the same file privileges, but they have different functions. The system account is used by the operating system and by services that run under Windows. There are many services and processes within Windows that need the capability to log on internally (for example during a Windows installation). The system account was designed for that purpose; it is an internal account, does not show up in User Manager, cannot be added to any groups, and cannot have user rights assigned to it. On the other hand, the system account does show up on an NTFS volume in File Manager in the Permissions portion of the Security menu. By default, the system account is granted full control to all files on an NTFS volume. Here the system account has the same functional privileges as the administrator account.

Operetta answered 24/1, 2013 at 17:59 Comment(1)
The link now redirects to a documentation with the same info, but written in a different form. Here is the link to the archived copy: web.archive.org/web/20150209074209/http://support.microsoft.com/…Millinery
S
1

From Local Account Documentation:

The SYSTEM account is used by the operating system and by services that run under Windows. There are many services and processes in the Windows operating system that need the capability to sign in internally, such as during a Windows installation. The SYSTEM account was designed for that purpose, and Windows manages the SYSTEM account’s user rights. It is an internal account that does not show up in User Manager, and it cannot be added to any groups.

On the other hand, the SYSTEM account does appear on an NTFS file system volume in File Manager in the Permissions portion of the Security menu. By default, the SYSTEM account is granted Full Control permissions to all files on an NTFS volume. Here the SYSTEM account has the same functional rights and permissions as the Administrator account.

Note To grant the account Administrators group file permissions does not implicitly give permission to the SYSTEM account. The SYSTEM account's permissions can be removed from a file, but we do not recommend removing them.

Sean answered 22/7, 2021 at 20:52 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.