troubleshooting Question

Any reason not to grant a domain computer account shared folder permission on another server?

Avatar of mchad65
mchad65 asked on
Microsoft IIS Web ServerWindows Server 2003Windows Server 2008
4 Comments1 Solution461 ViewsLast Modified:
We have a few web servers in a DMZ that need to access files on a single file server share in the inside network.  Currently we use a domain account (call it webshare) which is what the web services use when they need to access a file on the inside share.  One of the developers asked if we could add the web server's domain computer account to the share, as it would be easer for the application developers not to have to impersonate a user accouint when they need to access those files.  Note that the webshare account has local admin rights on the web server, but no domain rights other then that one share on one file server.

This is a single windows domain and 2008 servers we're talking about, fyi.

Any reason why using the computer account instead of a domain account would be better/safer or less secure the the current method?  Or basically the same?

Thanks
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 4 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros