Bug
Resolution: Fixed
Major
None
Jenkins 1.599, Windows Server
By default, the Jenkins service wrapper is configured to launch as the local system account on Windows. This is an elevated privilege (i.e. root) account.
The installer should prompt users to choose an account (similar to how Microsoft SQL Server does) under which the Jenkins service and associated Java process should run.
This is a highly insecure default configuration which encourages bad practice and implementation by less experienced users.
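
The following is an added example, not part of the original report or of the Jenkins installer: a PowerShell audit of the account a service is launched as, with a helper to move it to a dedicated account. It assumes the service is registered under the name `jenkins` and that `.\svc-jenkins` is a hypothetical, pre-created low-privilege local account.

```powershell
# Added example: audit and change the logon account of a Windows service.
# Assumptions: service name 'jenkins'; '.\svc-jenkins' is a hypothetical
# low-privilege local account created beforehand by the administrator.

function Get-ServiceLogonAccount {
    param([ValidatePattern('^[\w.\-]+$')][string]$Name = 'jenkins')

    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' is not installed on this host." }

    # StartName is the account the Service Control Manager launches the process as.
    $system = @('LocalSystem', 'NT AUTHORITY\SYSTEM')
    [pscustomobject]@{
        Name         = $svc.Name
        StartName    = $svc.StartName
        PathName     = $svc.PathName
        State        = $svc.State
        RunsAsSystem = $system -contains $svc.StartName   # -contains ignores case
    }
}

function Set-ServiceLogonAccount {
    param(
        [ValidatePattern('^[\w.\-]+$')][string]$Name = 'jenkins',
        [Parameter(Mandatory)][pscredential]$Credential
    )
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' is not installed on this host." }

    # Win32_Service.Change returns 0 on success; only the logon fields are set here.
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $Credential.UserName
        StartPassword = $Credential.GetNetworkCredential().Password
    }
    if ($result.ReturnValue -ne 0) {
        throw "Change failed for '$Name' (Win32_Service return code $($result.ReturnValue))."
    }
    Restart-Service -Name $Name
}

# Report only; the change is a separate, explicit step run from an elevated shell:
#   Set-ServiceLogonAccount -Credential (Get-Credential -UserName '.\svc-jenkins' -Message 'Jenkins service account')
$report = Get-ServiceLogonAccount
$report | Format-List
if ($report.RunsAsSystem) {
    Write-Warning "$($report.Name) runs as $($report.StartName); move it to a dedicated account."
}
```

The replacement account needs the "Log on as a service" right and write access to the Jenkins home directory before the service will start under it.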