SimonHuber
asked on
Application User Active Directory
Hi,
I am building a lab environment that is connected to an Active Director Server 2008 R2. On some of the other lab machines I will have applications that a user which is able to log onto and log off a machine in order to start and stop services/applications.
Working on various sites I have had to request "service" or "application" user account creation. Typically these user would not be able to logon interactively but would have enough privileges to fulfil the application requirements.
Looking on Google I have found reference to Manager Service Accounts however these accounts do not seem to have a password associated with them. Password information is required during the installation of the application that will require the account.
So I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine and have local administrator rights.
Can someone give some pointers of how I would go about setting up this type of user in Active Directory?
Many thanks,
Simon
I am building a lab environment that is connected to an Active Director Server 2008 R2. On some of the other lab machines I will have applications that a user which is able to log onto and log off a machine in order to start and stop services/applications.
Working on various sites I have had to request "service" or "application" user account creation. Typically these user would not be able to logon interactively but would have enough privileges to fulfil the application requirements.
Looking on Google I have found reference to Manager Service Accounts however these accounts do not seem to have a password associated with them. Password information is required during the installation of the application that will require the account.
So I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine and have local administrator rights.
Can someone give some pointers of how I would go about setting up this type of user in Active Directory?
Many thanks,
Simon
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the responses, jmanishbabu's solution worked great.
You wrote "I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine" - not possible. Either he is able to logon or not. If you deny that user to logon interactively, that user can only be used for services (privilege: "logon as a service") or batch jobs (pr.: "logon as a batch job").
So to help you, you will have to explain what you are protecting against. What should these accounts be disabled to do?