Troubleshooting: MSIServer not running as Local System
Windows and other vendors are growing our security messages to include advice on improving the security of your existing systems. Some of the guidance includes the messages that services that run as Local System unnescicarily it increase the potential vulnerable surface area for your system. In these contexs, the common bit of advice is to evaluate services for their minimum privledge and reduce the Windows service privledge to either NT AUTHORITY\NETWORK SERVICE or NT AUTHORITY\LOCAL SERVICE where appropriate. The Windows Installer service, MSIService, will not funciton correctly without Local System privledge.
One way to identify if you're installs are being affected by someone adjusting the service privledge, you can see it in the Event Log
Event Source: MsiInstaller
User: NT AUTHORITY\NETWORK SERVICE
If you run into this problem, you can restore the Windows Service to normal operation by
- open the Service Control Manager
- open the Windows Installer service
- select the Log On tab
- click the "Local System account" radio button
- click the Apply button