A local system account is a user account that is created by an operating system during installation and that is used for operating system-defined purposes. System accounts often have pre-defined user IDs (e.g. the root account in Linux.)

The distinction between system accounts and service accounts is sometimes blurred. Many system accounts run operating system processes, and in this respect, resemble service accounts. Some system accounts, such as root, are also logged into by system administrators.

A local system account controls access to a single, physical computer (workstation or server). The local account credentials (username, password, and SID/UID) are stored locally on the machine’s hard drive, and the computer checks its own files to authenticate a user’s login.

Local system accounts and security

A service running in the context of the local system account has unrestricted access to local resources. As a result, it is important to be cautious about what services run under the local system account. A service running as “LocalSystem” on a domain controller, for example, would have unencumbered access to Active Directory Domain Services. As a result, any vulnerabilities in the service could threaten the entire network.