You might expect that the environment variables %USERDOMAIN% and %USERNAME% for the SYSTEM account would hold values of NT AUTHORITY and SYSTEM, respectively. That's not the case. %USERNAME% when running as SYSTEM is always the computer name plus a dollar sign at the end. %USERDOMAIN% is the workgroup name (if the computer is not domain-joined) or NetBIOS domain name (if it does have a domain).
That makes sense on domains, since SYSTEM really does present the computer's credentials on the network, and the machine account username really is the computer name plus a dollar sign. I suppose the behavior on non-domain-joined machines is intended to match that.
If you want SYSTEM to see itself as NT AUTHORITY\SYSTEM, use the whoami utility.
No comments:
Post a Comment