What are the best practices for service accounts?

Posted by LockeCJ on Server Fault See other posts from Server Fault or by LockeCJ
Published on 2012-09-28T21:46:28Z Indexed on 2012/09/29 3:40 UTC
Read the original article Hit count: 538

Filed under:

windows-server-2003

|

active-directory

|

best-practices

We're running several services in our company using a shared domain account. Unfortunately, the credentials for this account are widely distributed and being used frequently for both service and non-service purposes. This has led to a situation where it is possible that the services will be temporarily down due to this shared account being locked.

Obviously, this situation needs to change. The plan is to change the services to run under a new account, but I don't think this goes far enough, as that account is subject to the same locking policy.

My questions is this: Should we be setting up the service accounts differently than other domain accounts, and if we do, how do we manage those accounts. Please keep in mind that we are running a 2003 domain, and upgrading the domain controller is not a viable solution in the near term.

© Server Fault or respective owner

Related posts about windows-server-2003

Rotate monitor to portrait on Windows Server 2003 with ATI card

as seen on Super User - Search for 'Super User'
Does anyone know if it is possible to rotate a monitor from landscape to portrait mode on Windows Server 2003 32-bit with an ATI video card? According to Dell's site, I should be able to rotate my Dell P2310H monitor by installing drivers from their website, but they don't have drivers for Windows… >>> More
Windows Server 2003 Trial Activation Issue

as seen on Server Fault - Search for 'Server Fault'
I have a Windows Server 2003 (R2 Enterprise with SP2) VM, originally installed with a trial license. We forgot about the server, and now more than 120 days has passed, and I can't do anything with the server. I seem to be at a dead end with the existing installation. When I log in, I get: The… >>> More
Windows Server 2003 can't see Vista machine

as seen on Server Fault - Search for 'Server Fault'
Hi there, I've got a real PITA problem that I'm sure has a really simple solution. I have a Windows Server 2003 machine that needs to be able to see the network name of a Vista box - but refuses to. It can see the Vista box (and even access its shared folder) if I enter the Vista box's IP address… >>> More
Windows server 2003 default administrator password

as seen on Stack Overflow - Search for 'Stack Overflow'
Sorry if this is an overly simplistic question, but I'm a bit stuck here. :) I need a windows machine for me to do some programming for class. Since I have my Macbook with me everywhere I go, I figured that it would be easiest to install a vm. And since I can get a copy of Windows server 2k3 for… >>> More
Windows Server 2003 - Handling hundreds of simultaneous downloads

as seen on Server Fault - Search for 'Server Fault'
At the moment I have a single server with 4 1TB hard disks, daily I haver over 150 MP3 music files uploaded (around 80mb each). At busy periods there is over 300 people streaming / downloading these mixes all at once, 75% of the activity is on the most recently uploaded stuff which is all on a single… >>> More

Related posts about active-directory

Can't join OS X Mavericks to AD Domain

as seen on Server Fault - Search for 'Server Fault'
I'm attempting to join an OS X Mavericks (10.9) client to a Windows Server 2008 Active Directory domain, however the bind fails with this error in the OS X client's system.log: Oct 24 15:03:15 host.domain.com com.apple.preferences.users.remoteservice[5547]: -[ODCAddServerSheetController handleOtherActionError:… >>> More
Retrieve user details from Active Directory using SID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her SID. I don't want to rely on other attributes, since I am trying to detect changes to these. Example: I get a message about a change to user record containing: Message: User Account Changed: Target Account Name: test12 Target… >>> More
Retrieve user details from Active Directory using GUID

as seen on Server Fault - Search for 'Server Fault'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Retrieve user details from Active Directory using GUID [closed]

as seen on Super User - Search for 'Super User'
Hi, How can I find a user in my AD when I have his/her GUID. I don't want to rely on other attributes, since I am trying to detect changes to these. >>> More
Office365 DirSync Active Directory Integration

as seen on Server Fault - Search for 'Server Fault'
I am preparing to deploy Office365 for my organization. We have an on premise Active Directory Domain Controller (Windows Server 2012 R2). We would like to leverage our Active Directory for: automatic user provisioning in Office365, and password synchronization, using the DirSync tool. Our Active… >>> More