This browser is no longer supported.

Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.

Download Microsoft Edge More info about Internet Explorer and Microsoft Edge

In this article

The LocalService account is a predefined local account used by the service control manager. It has minimum privileges on the local computer and presents anonymous credentials on the network.

This account can be specified in a call to the CreateService and ChangeServiceConfig functions. Note that this account does not have a password, so any password information that you provide in this call is ignored. While the security subsystem localizes this account name, the SCM does not support localized names. Therefore, you will receive a localized name for this account from the LookupAccountSid function, but the name of the account must be NT AUTHORITY\LocalService when you call CreateService or ChangeServiceConfig , regardless of the locale, or unexpected results can occur.

The user SID is created from the SECURITY_LOCAL_SERVICE_RID value.

The LocalService account has its own subkey under the HKEY_USERS registry key. Therefore, the HKEY_CURRENT_USER registry key is associated with the LocalService account.

The LocalService account has the following privileges:

SE_ASSIGNPRIMARYTOKEN_NAME (disabled)

SE_AUDIT_NAME (disabled)

SE_CHANGE_NOTIFY_NAME (enabled)

SE_CREATE_GLOBAL_NAME (enabled)

SE_IMPERSONATE_NAME (enabled)

SE_INCREASE_QUOTA_NAME (disabled)

SE_SHUTDOWN_NAME (disabled)

SE_UNDOCK_NAME (disabled)

Any privileges assigned to users and authenticated users

For more information, see Service Security and Access Rights .

Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback .

Submit and view feedback for

This product