I have several different type of service accounts in my windows domain. I want to restrict this accounts so no one can use them to login on the servers with them.
First group of service accounts are those which are used for backups.
Second group - i have just one , it is used to read security logs of domain controllers for different events, this accoung is given domain admins privileges. Is it possible to lower this privileges and restrict no one to use it to login on the domain controllers.
third group - they are used to run iis worker process