llarava
asked on
Domain administrator service accounts limit access to a particular server/s
We need to adjust these to adjust our service accounts and would like them to be restricted to a particular server and restrict their logon or access. Any suggestions on how to manage this through Active Directory at an enterprise level? We want to lock down the accounts to specific servers but we can't use local admins for these particular group of accounts.
For the time being I was thinking about using AD to "logon on to" and enter the server names to limit the access but I was didn't know if there was any better approach to the solution. Any suggestion or any other ways to configure? Caveats?
For the time being I was thinking about using AD to "logon on to" and enter the server names to limit the access but I was didn't know if there was any better approach to the solution. Any suggestion or any other ways to configure? Caveats?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Security-wise, this is a no-go and limiting that account is the wrong approach.
https://technet.microsoft.com/en-us/library/dd548356%28v=ws.10%29.aspx?