• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 45
  • Last Modified:

Services Account Configuration

How the the service account configuration should be? Do we need to add the service account in administrators groups?
I think it should be only domain users with no password expiry and add it to ACT AS PART OF THE OPERATING SYSTEM in group policy. Let me know if there is any suggestion.

REgards
0
Se Lai
Asked:
Se Lai
  • 2
  • 2
  • 2
  • +1
2 Solutions
 
SeanSystem EngineerCommented:
What are you trying to accomplish with these? If it is just to run a program on a specific computer then I would add that service account as a local admin to that PC only and leave it as a standard user on the domain. If you are trying to use it to authenticate for LDAP querys then you don't need admin rights to do that so an standard user will work.

Only in an extreme case would I set a service account as an admin anywhere other than a local PC and be sure there is a policy to change that password often.

Any other account just set to never expire, generate a long cryptic password and document it and let it run.
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
  • Use managed service accounts whenever possible
  • Deny logon locally
  • Set User cannot change password and type password out for vendors (do not give them passwords)
  • Set maximum password (128 characters, use copy and paste) and do not reuse passwords
  • Never, ever give Domain Admin rights
  • Store passwords in vault
  • Always assign owner and give full descriptions
  • Follow proper naming-standard
0
 
Se LaiSystem Administrator Author Commented:
Thank you

Manage account mean? Can explain it little more
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
DonNetwork AdministratorCommented:
0
 
Se LaiSystem Administrator Author Commented:
I am trying to restrict all service accounts from domain rights. only allow them to able to run services... mean third party applications or exchange. SQL and so on.
0
 
Shaun VermaakTechnical Specialist/DeveloperCommented:
Was still editing...

0
 
SeanSystem EngineerCommented:
Best solutions.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
  • 2
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now