Here's what I have so far. Thoughts?

-- Windows Service Account Policy --

- Passwords must be > 20 characters in length
- Passwords must be human-unreadable (preferably auto-generated from a password management tool) requiring upper case alpha, lower case alpha, numbers AND special characters
- [Optional] If there is a service account management tool that can automate password control and changes, this would be used
- Service accounts will be in a dedicated OU in Active Directory that has inheritance disabled to ensure typical domain-wide policies aren't unintentionally applied
- Service account GPOs will be applied that restrict the ability for them to be used like a typical human user account. This includes configuring the following:
  - Disable Interactive logon
  - Deny log on locally
  - Deny log on through Terminal Services
  - Logon restricted to specific machines
  - Auditing enabled for logon events
  - Enable alerting for failed logons
-- Windows Service Account Management --

1. Collect criteria
   a. Identify the process or function that requires a service account other than the BuiltIn Windows accounts
   b. Identify the specific servers that this service account needs access to
   c. Determine the level of system access needed (run as batch, log on as service, etc.) by the service account
2. Create account
   a. Account name should start with "svc. " and be descriptive
   b. Assign a complex password that meets the requirements listed above
   c. In the AD properties under the "Account" tab, use the "Log On To" option to specify the servers this account has the ability to log on to
   d. Description field should contain the application name, process, and/or function
   e. Place account into the ServiceAccounts OU

Dave

>> On 8 October 2014 21:40, Dave Lum <[email protected]> wrote:
>>
>>> I've been tasked to create documentation on creation and management of
>>> Windows Service accounts, does anyone here have something I can use and
>>> modify?
>>>
>>> TIA,
>>> Dave
>>
>> --
>> *James Rankin*
>> ---------------------
>> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization
>> Practice Analyst - Desktop Virtualization
>> http://appsensebigot.blogspot.co.uk
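An added example, not part of the original message: one way to script step 2 (a to e) of the procedure above with the ActiveDirectory PowerShell module, so the naming, "Log On To" restriction, description and OU placement are enforced at creation time. The function names, the OU distinguished name, the server names and the 32-character length are assumptions; the "svc." check is one reading of the prefix in step 2a.

```powershell
# Added example. New-RandomPassword and New-SvcAccount are hypothetical helper names.
Import-Module ActiveDirectory

function New-RandomPassword {
    param([int]$Length = 32)    # assumed length; the policy requires more than 20
    $classes = @('ABCDEFGHIJKLMNOPQRSTUVWXYZ', 'abcdefghijklmnopqrstuvwxyz',
                 '0123456789', '!#$%&*+-=?@_')
    $all = -join $classes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $buf = New-Object byte[] 4
    do {
        # 32 random bits per character keeps modulo bias negligible
        $chars = for ($i = 0; $i -lt $Length; $i++) {
            $rng.GetBytes($buf)
            $all[[int]([BitConverter]::ToUInt32($buf, 0) % $all.Length)]
        }
        $pw = -join $chars
        # Retry until upper, lower, digit AND special are all present
        $missing = $classes | Where-Object { $pw.IndexOfAny($_.ToCharArray()) -lt 0 }
    } until (-not $missing)
    $rng.Dispose()
    return $pw
}

function New-SvcAccount {
    param(
        # 2a: "svc." prefix; sAMAccountName for user objects is limited to 20 characters
        [Parameter(Mandatory)][ValidatePattern('^svc\.')][ValidateLength(5, 20)][string]$Name,
        [Parameter(Mandatory)][string[]]$Servers,       # 2c: "Log On To" list
        [Parameter(Mandatory)][string]$Description,     # 2d: application / process / function
        [Parameter(Mandatory)][string]$OuPath           # 2e: DN of the ServiceAccounts OU
    )
    $plain  = New-RandomPassword                        # 2b
    $secure = ConvertTo-SecureString $plain -AsPlainText -Force
    New-ADUser -Name $Name -SamAccountName $Name -Path $OuPath `
        -Description $Description `
        -LogonWorkstations ($Servers -join ',') `
        -AccountPassword $secure -Enabled $true
    return $plain   # store directly in the password manager; do not log or echo it
}

# Constructed sample values (account, servers and domain are placeholders)
$pw = New-SvcAccount -Name 'svc.backupagent' -Servers 'SRV-BKP01', 'SRV-BKP02' `
    -Description 'Backup agent - nightly job service' `
    -OuPath 'OU=ServiceAccounts,DC=example,DC=com'
```

The logon-rights restrictions from the policy list (deny interactive, local and Terminal Services logon) are applied by the GPOs linked to the OU, not by this script.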

