root vs Administrator vs SYSTEM


When comparing the various Linux distributions with Windows’ software, what is the fundamental difference in terms of levels of access with the administrative accounts?

I always thought that the Windows’ Administrator account was the equivalent to the Unix root account. But what about SYSTEM? It’s not a regular user account, but by doing various tricks you can get a shell as it, but does it really have any greater permissions than the Administrator account?


The main difference between the Administrator and SYSTEM is that Administrator is an actual account (for example, it has a password) whereas SYSTEM is not. (Properly speaking, SYSTEM is a “security principal”.)

One practical difference is that, if the computer is joined to a domain, processes running as SYSTEM can access domain servers in the context of the computer’s domain account. Processes running as Administrator have no access to domain computers unless the password happens to match or alternative credentials are explicitly provided.

It is possible for a file, directory, registry key, or other securable object to only grant access to SYSTEM and not to Administrator. However, I’m not aware of any examples on a default installation of Windows. Edit: I forgot about the SAM key, containing the local account information. This has full control granted only to SYSTEM, with the Administrators group having neither read nor write access. Kreemoweet has also pointed out that Vista has a number of other examples.

Of course, the administrator can override any permissions anyway.

There are one or two oddball special cases. For example, the WTSQueryUserToken function allows a program to get an access token that can be used to launch a new process in the context of a specified logged-on user. This function can only be used by processes that are running as SYSTEM, not by processes running as Administrator.

Root in Linux is equivalent to Windows’ Administrator and System.

You see, you can legitimately log into Linux as root on many distributions. You cannot truly do this with Windows using the System account. Root also runs all of the services on the computer by default like system does for Windows. You log into Windows as administrator but services do not run under it unless specifically told to.
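The SAM key point in the first answer can be checked by comparing what an ACL grants to SYSTEM and to the Administrators group. The following PowerShell is an added example, not code from either answer: the function name `Get-PrincipalRegistryRights` is hypothetical and the SDDL string is a constructed sample modelled on the ACL the answer describes, not a dump of a real key.

```powershell
# Summarise what a registry ACL allows for SYSTEM and for Administrators.
# Only Allow ACEs are counted; Deny ACEs are ignored in this simplified view.
function Get-PrincipalRegistryRights {
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.RegistrySecurity] $Security
    )
    # Well-known SIDs: S-1-5-18 is Local System, S-1-5-32-544 is BUILTIN\Administrators.
    $principals = [ordered]@{ 'SYSTEM' = 'S-1-5-18'; 'Administrators' = 'S-1-5-32-544' }
    $rights  = [System.Security.AccessControl.RegistryRights]
    $sidType = [System.Security.Principal.SecurityIdentifier]

    # Ask for explicit and inherited rules, with identities returned as SIDs.
    $rules = $Security.GetAccessRules($true, $true, $sidType)

    foreach ($name in $principals.Keys) {
        $mask = 0
        foreach ($rule in $rules) {
            if ($rule.IdentityReference.Value -eq $principals[$name] -and
                $rule.AccessControlType -eq 'Allow') {
                $mask = $mask -bor [int]$rule.RegistryRights
            }
        }
        [pscustomobject]@{
            Principal     = $name
            CanReadValues = ($mask -band [int]$rights::QueryValues) -ne 0
            CanSetValues  = ($mask -band [int]$rights::SetValue) -ne 0
            CanChangeDacl = ($mask -band [int]$rights::ChangePermissions) -ne 0
            FullControl   = ($mask -band [int]$rights::FullControl) -eq [int]$rights::FullControl
        }
    }
}

# Constructed sample ACL: SYSTEM (SY) gets full key access (KA),
# Administrators (BA) get only READ_CONTROL and WRITE_DAC (RCWD).
$sample = New-Object System.Security.AccessControl.RegistrySecurity
$sample.SetSecurityDescriptorSddlForm('O:BAG:SYD:P(A;CI;KA;;;SY)(A;CI;RCWD;;;BA)')
Get-PrincipalRegistryRights -Security $sample | Format-Table -AutoSize

# Against a live key, assuming the caller may read its security descriptor:
# Get-PrincipalRegistryRights -Security (Get-Acl -Path 'HKLM:\SAM\SAM')
```

In the constructed ACL, Administrators cannot read or set values but can change the DACL, which is the mechanism behind the remark that the administrator can override the permissions anyway.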
