- The service can NOT open HKEY_CURRENT_USER.
- The service can open HKEY_LOCAL_MACHINE\SECURITY.
- The service has no network credentials and can only access network resources using a null session. If a share or pipe is accessible by Guest via a null session, the service can access it. There is a common misconception that a service running as LocalSystem has no network access.
One should review the security context of every service. Any hack that takes control of a service has the access rights of the account the service is running as. Some shops have SQL Server running as local administrator or even as a domain administrator account. Consider the security implications if one leaves the SQL sa account without a password (Microsoft's default). In that case one gains access to SQL Server with a powerful or very powerful account and, using SQL shell commands, one can add a local admin account (if SQL Server is running as local admin) or a domain admin account (if SQL Server is running as domain admin) using net user and net group.
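One way to carry out that review offline, as an added example that is not part of the original page: the script below reads saved `sc qc` output and labels each service by what its account would hand to whoever takes the service over. The function names, the sample account names and the two admin lists (which the reviewer collects separately, in the same form the accounts appear in `SERVICE_START_NAME`) are assumptions made for illustration.

```python
import re

# Constructed sample: trimmed `sc qc <name>` output for four services, concatenated.
# The account names CORP\sqladmin and .\backupsvc are made up for illustration.
SAMPLE = r"""
SERVICE_NAME: MSSQLSERVER
        TYPE               : 10  WIN32_OWN_PROCESS
        SERVICE_START_NAME : CORP\sqladmin
SERVICE_NAME: Spooler
        SERVICE_START_NAME : LocalSystem
SERVICE_NAME: BackupAgent
        SERVICE_START_NAME : .\backupsvc
SERVICE_NAME: W32Time
        SERVICE_START_NAME : NT AUTHORITY\LocalService
"""

FIELD = re.compile(r"^\s*(SERVICE_NAME|SERVICE_START_NAME)\s*:\s*(.*?)\s*$")
LIMITED_BUILTINS = {r"nt authority\localservice", r"nt authority\networkservice"}
ORDER = ["domain-admin", "local-admin", "localsystem", "review", "limited-builtin"]

def parse_sc_qc(text):
    """Map each service name to the account in its SERVICE_START_NAME field."""
    accounts, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "SERVICE_NAME":
            current = m.group(2)
        elif m and current is not None:
            accounts[current] = m.group(2)
    return accounts

def classify(account, local_admins, domain_admins):
    """Name what is inherited if a service running under this account is taken over."""
    acct = account.lower()
    if acct in domain_admins:
        return "domain-admin"
    if acct in local_admins:
        return "local-admin"
    if acct == "localsystem":
        return "localsystem"  # full local rights; null session on the network
    # Other built-ins are limited; anything else needs its group memberships checked.
    return "limited-builtin" if acct in LIMITED_BUILTINS else "review"

def audit(text, local_admins, domain_admins):
    """Return (service, account, category) tuples, most dangerous category first."""
    la = {a.lower() for a in local_admins}
    da = {a.lower() for a in domain_admins}
    rows = [(s, a, classify(a, la, da)) for s, a in parse_sc_qc(text).items()]
    return sorted(rows, key=lambda r: ORDER.index(r[2]))
```

Calling `audit(SAMPLE, [r".\backupsvc"], [r"CORP\sqladmin"])` puts MSSQLSERVER at the top of the list, which is the SQL Server case described above.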