Check or Attack Name: Service User

A Windows NT service was detected running under an account other than LocalSystem. If services are installed under a domain-level account, any compromised workstation using the service will also compromise the domain at the level of that user.

Set the service to run in the local user context, or as LocalSystem.

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Select the service.
3. Click Startup.
4. Set the service to either run under a local user context, or as LocalSystem. Some services will not function properly if this setting is changed, so carefully test your configuration and contact the vendor for additional support.

—AND—

Windows NT 4.0 SP3 users can install the post-SP3 lsa2-fix to keep remote users from obtaining the password. However, some security researchers have demonstrated acquiring these passwords even with the fix installed, thus the fix does not completely solve the problem. This capability is not widespread (as of September 1998), but may become common knowledge.