LOCAL SERVICE and NETWORK SERVICE accounts cannot be deleted

Applies to: Windows Vista BusinessWindows Vista EnterpriseWindows Vista Home Basic


Several customers have been failing a PCI Compliance Auditwhich must be met by direct retailers who use credit-cards as part of their day-to-day business. The audit is set up by credit-card companies as a regulatory function to ensure that their customers comply with the rules; otherwise, those customers are not allowed to process credit-card transactions. See the link above for more information.

One audit requirement for solutions using previous versions of Windows is that all users, except Administrator, be removed from the following Windows policy options. [Computer Configuration > Windows Settings > Security Settings > User Rights Management]: 'Bypass Traverse Checking" and "Replace a Process Level Token".

However, when this is done for the systems in the Applies To list, the settings are automatically repopulated with Administrator, LOCAL SERVICE, and NETWORK SERVICE, resulting in audit failure.

More Information

The behavior observed is "by design". Beginning with Windows Vista and Windows Server 2008, Microsoft has introduced the notion of required privileges for services. Without this set of privileges, certain critical operating system services would be unable to start and the machine would be rendered unusable.