Any reason not to grant a domain computer account shared folder permission on another server?
Posted on 2011-09-08
We have a few web servers in a DMZ that need to access files on a single file server share in the inside network. Currently we use a domain account (call it webshare) which is what the web services use when they need to access a file on the inside share. One of the developers asked if we could add the web server's domain computer account to the share, as it would be easier for the application developers not to have to impersonate a user account when they need to access those files. Note that the webshare account has local admin rights on the web server, but no domain rights other than that one share on one file server.
This is a single Windows domain and 2008 servers we're talking about, FYI.
Any reason why using the computer account instead of a domain account would be better/safer or less secure than the current method? Or basically the same?