I have a situation that hopefully someone can assist with. We have three service accounts on our windows server 2012 R2 box that I need to restrict access on. They are currently setup as local admins but for security reasons I need to remove them from this group. They need to have the ability to obtain a port on the server and use that port for transferring data. This is the main use of their role. They are used for our ecommerce website (Located in DMZ) to communicate with our SQL server (Located in LAN). All the servers are in a workgroup environment currently. This would be easier if we spun up a domain controller in the environment and used the domain users but that is not an option right now.
Can anyone assist with which role on the server will provide the security of these users while allowing them to perform the task they need to.