Re: Service accounts best practices

From: Joe Richards [MVP] (humorexpress_at_hotmail.com)
Date: 06/17/05


Date: Thu, 16 Jun 2005 20:21:59 -0400

Make them document exactly why they need domain admin. I have done this dance
with several vendors. Generally they say that because they have no idea what
their app needs nor why.

    joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net
Ferdie wrote:
> Can someone point me to a guide to securing service accounts?  I have some 
> accounts that require Domain Admin rights (or so they say), but don't need 
> to log on locally.  I'd like to remove that right, so that they don't use it 
> to bypass the logical access control.  There might be some other issues that 
> come up, so I might need a guide.
> 
> Thanks,
> Ferdie 
> 
> 


Relevant Pages

  • Re: Service accounts best practices
    ... > Joe Richards Microsoft MVP Windows Server Directory Services ... > Ferdie wrote: ... >> Can someone point me to a guide to securing service accounts? ... >> some other issues that come up, so I might need a guide. ...
    (microsoft.public.win2000.security)
  • Re: Service accounts best practices
    ... The only people who should have domain admin rights are the exact people doing ... >>Joe Richards Microsoft MVP Windows Server Directory Services ... >>Ferdie wrote: ...
    (microsoft.public.win2000.security)