What are the security risks in running a Windows Service as “Local System”?

Question

I have written a .NET Windows service which runs as \"Local System\". Recently I read that, running as local system might expose system credential to hackers enabling them t

Answer 1

Services running as LocalSystem are part of the system's trusted space. Technically speaking, they have the SeTcbName privilege. This means, inter alia, that such services can alter any security settings, grant themselves any privileges, and generally do anything Windows can do.

As a result, any flaw in your service — unsanitized input passed to system functions, bad dll search paths, buffer overruns, whatever — becomes a critical security hole. This is why no system administrator in an enterprise environment will permit your service to be installed if it runs under LocalSystem. Use the LocalService and NetworkService accounts.