
What's the purpose of having a LogonSessionId_0_xxxx (S-1-5-5-0-xxxx) SID on the access token of a service?

I know a LogonSessionId_0_xxxx (S-1-5-5-0-xxxx) SID is present in access tokens of non-zero terminal sessions, which enables desktop and kernel object sharing. For example, in terminal session 1, all access tokens have the same LogonSessionId_0_xxxx SID regardless of the logon session (LUID) they belong to.

However, I see it on services as well in session 0. All of them appear to be unique, i.e. no two services have the same LogonSessionId_0_xxxx (S-1-5-5-0-xxxx) SID on their access token.

0 Answers