asked on
Services Account Configuration
How the the service account configuration should be? Do we need to add the service account in administrators groups?
I think it should be only domain users with no password expiry and add it to ACT AS PART OF THE OPERATING SYSTEM in group policy. Let me know if there is any suggestion.
REgards
I think it should be only domain users with no password expiry and add it to ACT AS PART OF THE OPERATING SYSTEM in group policy. Let me know if there is any suggestion.
REgards
* permissionActive Directory
Last Comment
Sean
- Use managed service accounts whenever possible
- Deny logon locally
- Set User cannot change password and type password out for vendors (do not give them passwords)
- Set maximum password (128 characters, use copy and paste) and do not reuse passwords
- Never, ever give Domain Admin rights
- Store passwords in vault
- Always assign owner and give full descriptions
- Follow proper naming-standard
ASKER
Thank you
Manage account mean? Can explain it little more
Manage account mean? Can explain it little more
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
I am trying to restrict all service accounts from domain rights. only allow them to able to run services... mean third party applications or exchange. SQL and so on.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Best solutions.
Only in an extreme case would I set a service account as an admin anywhere other than a local PC and be sure there is a policy to change that password often.
Any other account just set to never expire, generate a long cryptic password and document it and let it run.