2 Replies Latest reply on Aug 25, 2012 12:16 AM by nrms

    User v. Service Accounts

    nrms

      At the moment, all of my SolarWinds "admin" credential requirements are handled via a single user account with Domain Admin rights. The use of this account covers:

      • Scheduled task execution (e.g. Scheduled Reports)
      • Authentication to Exchange 2010 (for email sending in the Alert Manager and Report Scheduler)
      • WMI Authentication for SAM components
      • probably other things I've forgotten

       

      We are about to raise our Windows Domain Functional Level to Windows 2008 R2 which introduces the concept of "service accounts". Management want to move any non-personal accounts used for things like this to become service accounts rather than user accounts. Has anyone tried this for any of the areas listed above to confirm if a service account is suitable for this sort of thing, or do we need to keep the account type as a "user" account? I think the main reason behind using service accounts is that they do not have a password; but they also lack the ability to log onto devices.

       

      Also, given they want to start enforcing regular password changes on any remaining admin user accounts, how many places would I need to go to to change the password every time we do a password change on teh admin account (assuming we have to leave it as a user account rather than a service account)?

       

      Thanks!

        • Re: User v. Service Accounts
          aLTeReGo

          I haven't personally tested using service accounts for this purpose but based on the limitations imposed on them they're ill suited for what you describe. Service accounts in 2008 R2 are designed to be used for running individual Windows Services (Control Panel\All Control Panel Items\Administrative Tools\Services) under different user accounts instead of Local Service.

          1 of 1 people found this helpful