Application User Active Directory

Posted on 2012-08-15
Last Modified: 2012-08-15

I am building a lab environment that is connected to an Active Director Server 2008 R2. On some of the other lab machines I will have applications that a user which is able to log onto and log off a machine in order to start and stop services/applications.

Working on various sites I have had to request "service" or "application" user account creation. Typically these user would not be able to logon interactively but would have enough privileges to fulfil the application requirements.

Looking on Google I have found reference to Manager Service Accounts however these accounts do not seem to have a password associated with them. Password information is required during the installation of the application that will require the account.

So I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine and have local administrator rights.

Can someone give some pointers of how I would go about setting up this type of user in Active Directory?

Many thanks,

Question by:SimonHuber
    LVL 52

    Expert Comment

    You wrote "I think I need to create a normal user account that does not have interactive logon rights but is able to logon to the machine" - not possible. Either he is able to logon or not. If you deny that user to logon interactively, that user can only be used for services (privilege: "logon as a service") or batch jobs (pr.: "logon as a batch job").

    So to help you, you will have to explain what you are protecting against. What should these accounts be disabled to do?
    LVL 10

    Accepted Solution

    Create a normal user . Make him the Admin of the machine which you want to run the service or applications .

    Go to secpol.msc in run Prompt on the machine . On Local Policies --> User right assignment -->
    Log on as a Batch Job and logon as a service see if the user has been added .

    Author Closing Comment

    Thanks for the responses,  jmanishbabu's solution worked great.

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
    The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
    To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
    This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

    754 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now