[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 488
  • Last Modified:

Application User Active Directory

Hi,

I am building a lab environment that is connected to an Active Director Server 2008 R2. On some of the other lab machines I will have applications that a user which is able to log onto and log off a machine in order to start and stop services/applications.

Working on various sites I have had to request "service" or "application" user account creation. Typically these user would not be able to logon interactively but would have enough privileges to fulfil the application requirements.

Looking on Google I have found reference to Manager Service Accounts however these accounts do not seem to have a password associated with them. Password information is required during the installation of the application that will require the account.

So I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine and have local administrator rights.

Can someone give some pointers of how I would go about setting up this type of user in Active Directory?

Many thanks,

Simon
0
SimonHuber
Asked:
SimonHuber
1 Solution
 
McKnifeCommented:
Hi.
You wrote "I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine" - not possible. Either he is able to logon or not. If you deny that user to logon interactively, that user can only be used for services (privilege: "logon as a service") or batch jobs (pr.: "logon as a batch job").

So to help you, you will have to explain what you are protecting against. What should these accounts be disabled to do?
0
 
jmanishbabuCommented:
Create a normal user . Make him the Admin of the machine which you want to run the service or applications .

Go to secpol.msc in run Prompt on the machine . On Local Policies --> User right assignment -->
Log on as a Batch Job and logon as a service see if the user has been added .
0
 
SimonHuberAuthor Commented:
Thanks for the responses,  jmanishbabu's solution worked great.
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now