This objective covers how to:
Create and configure service accounts
Create and configure Managed Service Accounts (MSAs)
Create and configure group Managed Service Accounts (gMSAs)
Configure Kerberos delegation
Configure virtual accounts
Manage service principal names (SPNs)
Creating and configuring service accounts
You create a service account exactly the same way as you create any user account. You can
create a service account as a local account or as an Active Directory account. Service accounts
should be created with user-level permissions and should not be members of the Domain
Admins group or the local Administrators group on the server where they run.
Windows Server 2008 R2 introduced Managed Service Accounts (MSAs), and Windows
Server 2012 introduced group Managed Service Accounts (gMSAs). Both are preferable to
using a regular user account for services and are described later in this objective.
To create a local service account, use Computer Management and select the Users folder
of Local Users And Groups in the console tree. Or open the Local Users And Groups console
directly by typing lusrmgr.msc at a command prompt. Then follow these steps:
1. Right-click Users in the console tree and select New User from the Action menu.
2. Enter a User Name, Full Name, and Description for the account.
3. Enter a Password and Confirm the password.
4. Clear the User Must Change Password At Next Logon check box. Set any additional
options and then click Create to create the account.
To create a domain service account, use Active Directory Users and Computers to create
the account by following these steps:
1. Right-click the organizational unit (OU) where you want the service account created
and select New, User from the Action menu.
2. Enter a Full Name and User Logon Name and then click Next.
3. Enter and confirm a password and then clear the User Must Change Password At Next
Logon check box. Set any additional options, click Next, and then click Finish to create
the account.
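The domain procedure above, together with the earlier guidance that a service account should not be in Domain Admins or the local Administrators group, scripted as an added example (not from the original text). It assumes the ActiveDirectory module, PowerShell remoting to the target server, and Windows PowerShell 5.1 on that server for Get-LocalGroupMember; the account name, OU, UPN suffix, and server name are hypothetical placeholders.

```powershell
# Added example. $Name, $OU, $UpnSuffix and $Server are hypothetical placeholders.
Import-Module ActiveDirectory

$Name      = 'svc-app01'
$OU        = 'OU=Service Accounts,DC=example,DC=com'
$UpnSuffix = 'example.com'
$Server    = 'APP01'   # server the service will run on

# Prompt for the password so it never appears in the script or command history.
$Password = Read-Host -AsSecureString -Prompt "Password for $Name"

# Same result as the New, User wizard with
# "User Must Change Password At Next Logon" cleared.
New-ADUser -Name $Name -SamAccountName $Name `
    -UserPrincipalName "$Name@$UpnSuffix" -Path $OU `
    -AccountPassword $Password -Enabled $true `
    -ChangePasswordAtLogon $false `
    -Description "Service account for $Server"

# Check 1: not a member of Domain Admins, directly or through nested groups.
$inDomainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.SamAccountName -eq $Name }

# Check 2: not listed directly in the local Administrators group on the server.
# Get-LocalGroupMember does not expand nested domain groups, so review any
# groups it returns separately.
$localAdmins = Invoke-Command -ComputerName $Server -ScriptBlock {
    Get-LocalGroupMember -Group 'Administrators'
}
$inLocalAdmins = $localAdmins | Where-Object { $_.Name -like "*\$Name" }

if ($inDomainAdmins -or $inLocalAdmins) {
    Write-Warning "$Name holds administrative rights; remove them before use."
} else {
    Write-Output "$Name is not in Domain Admins or local Administrators on $Server."
}
```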
Services or applications that require a service account typically configure the associated
permissions themselves, so that the application and its services start and run with the
minimum appropriate permissions. SQL Server, for example, sets different
 
 