General discussion
Thread display: Collapse - |
All Comments
Start or search
Create a new discussion
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Keep generic accounts from console
What are some suggestions on how to extend accountability to a ?service account?? When I say ?service account? I mean a generic domain account with a password used by an application. We have implemented Active Directory and utilize group policy.
We are running into several issues with applications that require a generic local admin account with logon local rights. It wouldn?t be as major an issue if we could control the account from logging into the console locally. At least, via restricted groups, we could pinpoint the users that can log on locally to the server to install the application utilizing this account. The user could logon locally to the console and begin the installation and insert the account where prompted.
One solution proposed is this: If the app breaks at 3:00am, the user with local admin rights could install theapp and use their account for the service account until someone with the secure password could be available to type it in. Then the user name could be replaced with the service account name and password. That seems a nuisance for all parties. Is that my only option?