Re: Service accounts best practices

From: Joe Richards [MVP] (
Date: 06/17/05

Date: Thu, 16 Jun 2005 20:21:59 -0400

Make them document exactly why they need domain admin. I have done this dance
with several vendors. Generally they say that because they have no idea what
their app needs nor why.


Joe Richards Microsoft MVP Windows Server Directory Services
Ferdie wrote:
> Can someone point me to a guide to securing service accounts?  I have some 
> accounts that require Domain Admin rights (or so they say), but don't need 
> to log on locally.  I'd like to remove that right, so that they don't use it 
> to bypass the logical access control.  There might be some other issues that 
> come up, so I might need a guide.
> Thanks,
> Ferdie