We help IT Professionals succeed at work.
Get Started

How to setup impersonation without local admin privileges ?

Yveau asked
Last Modified: 2013-12-04

Here is the situation:
We are using a domain service account (domainX\A) that runs our service on a Windows 2003 machine and has a lot of permissions. For that reason, we cannot can get a hold of the password.
We are given the password of a domain application account (domainX\B) that we should use to connect to the database with. No problem, until we let the service account (domainX\A) do an impersonation to setup the connection using Windows Integrated Security with account domainX\B. We discovered that we manage to get it working when we make domainX\B member of the local admin group, which is something we are not allowed to do. We are not allowed to log on to the machine using that account.

So the Question is, what permissions should we set/use/give to the domain application account domainX\B, to get this impersonation working, but not risking that people who know the password for that domainX\B account can do anything on the machine (that is logging on to it, both at the console and using RDP) ? Or is this not possible at all, ... as a result of the strict security policies within our company ?

I would really like to know if you guys have a solution for me ...

Hope to hear from you soon ...
Watch Question
This problem has been solved!
Unlock 1 Answer and 4 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE