Questions tagged [service-accounts]

The tag has no usage guidance.

12 votes
1 answer
3k views

Scheduled restart of a service with PowerShell as non-admin service account

Before I get shot down, I know how to schedule a task, restart a service with powershell or give a non-admin account the privileges to restart a service. That isn't the problem. The problem however is ...
VolrathTheFallen's user avatar
9 votes
3 answers
42k views

Using a Group Managed Service Account (gMSA) for a scheduled task

Back in Windows Server 2008 R2, when stand-alone Managed Service Accounts (sMSA) were new, they could not be used to execute scheduled tasks. In Windows Server 2012 however, there is a new type of ...
Trevor Sullivan's user avatar
8 votes
3 answers
369 views

What's the point of a service account?

At work they want me to create a service account to run the app pool for my web application in IIS under. Why would this be useful and/or necessary?
Jason's user avatar
  • 279
8 votes
2 answers
3k views

Which user should a backup service run as?

I'm working on an application which uses Volume Shadow Copy Service to backup a particular file at regular intervals. This works when run as admin but when I run the service under the "Network Service"...
JWood's user avatar
  • 263
6 votes
3 answers
3k views

If account is disabled while logged in can it remain logged in?

We have an account that connects in via VPN to pull data from one of our databases. Recently it has not been able to pull the data down. Looking at it the account is disabled however I feel that ...
6 votes
2 answers
21k views

Prevent service accounts from logging in locally or remotely

We have a company doing development for us in-house and they have access to several service accounts. The company rotates people in and out, and instead of requesting accounts the developers are using ...
Garrett's user avatar
  • 1,648
6 votes
3 answers
6k views

Recommended service account setup for MS SQL Server 2005/2008

We have a number of MS SQL servers in our environment running either SQL Server 2005 standard/enterprise or SQL server 2008 enterprise. Currently the SQL services are running as local service or ...
BoxerBucks's user avatar
  • 1,384
5 votes
3 answers
3k views

Task Scheduler with Virtual Accounts, possible?

Currently I'm using LOCAL SERVICE as the user account for various regular tasks, and was wondering if it was possible to use a Virtual Account instead. Task Scheduler seems to reject NT SERVICE\ ...
Fowl's user avatar
  • 406
5 votes
4 answers
15k views

How can I run a process as "NT Authority\NetworkService"?

I'm toying with an idea for a script that would update a computer's details in Active directory with its make and model information. Ideally, I'd like this script to access AD via its computer account,...
bshacklett's user avatar
  • 1,378
5 votes
1 answer
2k views

What are the attributes of a Service Account?

What settings in AD make a service account, a service account? I know that the login into probably shouldn't be given to anyone but the administrators, that it might be used to run a service, I also ...
leeand00's user avatar
  • 4,909
5 votes
4 answers
7k views

How to manage logon as service right for virtual account in face of domain group policy?

I would like to use the default SQL Server setup that runs SQL Server service with virtual account NT SERVICE\MSSQLSERVER. That ensures my SQL Server has limited access on its own machine and no ...
Bob Hyman's user avatar
5 votes
3 answers
7k views

Setting up Group Managed Service Account on Windows Server 2012 R2

I have a Windows 2012 R2 domain controller called cox.win.testlab. I have set up a group of hosts where I would like to use a gMSA (Group Managed Service Account). This group is called SQLManagedHosts....
Mark Allison's user avatar
  • 2,188
4 votes
2 answers
8k views

Network Service account or domain account? [closed]

What are the pros and cons, or best practices when it comes to setting up applications on a server with either the Network Service account or a domain account? Are there some cases in which you'd do ...
jeremy's user avatar
  • 855
4 votes
2 answers
4k views

Creating Limited User Accounts on Ubuntu Server

Using Ubuntu server, I need to create some user accounts that have the following limitations: (1) User may only view and manipulate files in their home directory. (2) User may only execute commands ...
LonnieBest's user avatar
  • 1,510
4 votes
3 answers
2k views

When should new service accounts be created/used?

At my organisation there are conflicting schools of thoughts around service accounts. This has come up because they wish to deploy SQL Server for the sole purpose of running SharePoint databases. One ...
Alex Angas's user avatar
  • 2,017
4 votes
2 answers
9k views

How do I Generate a Bearer Token for cURL to Get Thru IAP (GCP)?

I need to cURL a web app hosted behind IAP on GCP. Normally, users log in through IAP and use the web app, but I need to run some cURL commands (interactive and non-interactive) that hit the web app ...
user450409's user avatar
4 votes
1 answer
5k views

Sudden permissions denied for service account

I have a ServiceAccount that has permissions to do all sorts of things on my GCP project, and a Jenkins pipeline that runs on a nightly basis and shuts down one of my GKE environments. A few days ago I've ...
user14242404's user avatar
4 votes
2 answers
1k views

Deploying as service account (using `gcloud app deploy`) gives “API [appengine.googleapis.com] not enabled on project [%id%].”

I am struggling to make automated deployment using a service account work. First I created a new service account and now I am using a default %my-project-name%@appspot.gserviceaccount.com because ...
Evgeny's user avatar
  • 41
4 votes
1 answer
806 views

Giving permissions to Virtual Service Accounts on domain controllers

The service I'm implementing will run on a domain controller, so I'd like it to have minimal privileges. Ideally, it would simply run as Local Service. However, it needs to be able to: monitor ...
YaronK's user avatar
  • 141
4 votes
2 answers
43k views

Issue connecting to AD FS configuration database

I just installed the AD FS role on my DC using the Windows Internal Database. All seemed to be fine after I set everything up, however, once I restarted my DC, when attempting to load the AD FS ...
Michael H's user avatar
3 votes
2 answers
3k views

What are best practices for creating a system account? (*NIX)

I've manually installed a service called Gate One into /opt. I want to harden its security, so I thought I'd create a system account for it to use, because of least necessary privileges, and all that. ...
strugee's user avatar
  • 891
3 votes
3 answers
2k views

Allow members of a group to be unlocked by a specific account on AD

Background I'm creating a service to allow support staff to enable their firecall accounts out of hours (i.e. if there's an issue in the night and we can't get hold of someone with admin rights, ...
JohnLBevan's user avatar
  • 1,278
3 votes
1 answer
1k views

Moving Service Accounts to a new OU

I just want to double check before possibly breaking something. I want to move the majority of created service accounts in AD to another OU (doing a clean up). I understand Exchange service accounts ...
tropolite's user avatar
3 votes
1 answer
3k views

How to use JSON keys with google cloud gsutil to manage multiple Keys

We have multiple GCP Service account keys from different environment such as DEV,STAGING,..PROD. I would like to run a command in my jenkins box which is there in Dev environment to create access DEV ...
Dinesh SC's user avatar
3 votes
2 answers
10k views

ERROR: (gcloud.auth.activate-service-account) Could not read json file /root/gcloud-service-key.json: No JSON object could be decoded

I'm getting the below error when running CI/CD pipeline in GitLab. $ echo "$GCLOUD_SERVICE_KEY" > ${HOME}/gcloud-service-key.json $ gcloud auth activate-service-account [email protected]....
GihanS's user avatar
  • 131
3 votes
1 answer
1k views

Group Managed Service Accounts per service per server (Best practice?) and long names?

I've talked with a few colleagues about what might be best practice for using group managed service accounts in our environment. It seems that ideally, we would create 1 gMSA per service (e.g. SQL ...
Michael's user avatar
  • 141
3 votes
1 answer
1k views

Change service user password in AD running service

I have a running service with logon user credentials using a service account in AD. If I change the service account password in AD users and groups but not on the service startup/logon details would ...
morleyc's user avatar
  • 1,150
3 votes
1 answer
529 views

SQL Service Accounts and which to use

I've done lots and lots of searching and I can't seem to find a simple answer, I assume it is because everyone's circumstances differ, however; We need to set up a few SQL servers for production and I ...
dqnet's user avatar
  • 305
3 votes
1 answer
861 views

Impersonation Service Account

I am bringing up AppXtender Workflow Manager. One of the instructions is to create an Impersonation Service Account. I have never heard of such. What is it and how do I create an impersonation service ...
hanleyhansen's user avatar
3 votes
3 answers
909 views

Can TFS 2010 be configured with managed service accounts?

I'm trying to deploy TFS 2010 in a sandbox environment, and I created a managed service account for TFS. However, I seem to be unable to configure it in the Advanced Configuration Wizard. The error ...
Ben Collins's user avatar
3 votes
1 answer
3k views

Why Domain Admin Cannot Enable Domain Wide Delegation for Service Accounts?

We need to use service accounts for our application instead of individual end users to call some Google APIs such as Admin Directory API. There are 3 members of this project which are me as owner, ...
AshleyCam's user avatar
2 votes
2 answers
38k views

AD Read-Only Account (for Authentication)

I have experience with Linux server administration, however when it comes to Windows I'm pretty much a newbie. I have a lot of third-party applications that use an AD admin account to perform their ...
Andre's user avatar
  • 1,351
2 votes
1 answer
3k views

SPN generation for multiple service account on a Web server

I am trying to achieve Azure SSO in my organisation. I have a web server hosting multiple websites and web application under those sites. Users access them in below fashion https:// < SiteName >...
Dheeraj Kumar's user avatar
2 votes
1 answer
4k views

How to provide access to only one instance to users in Google Compute Engine?

I'm trying to find a solution to provide an external worker access to an instance in our project but not all resources. I have done some research and found two methods on how to do this. First ...
rung94's user avatar
  • 23
2 votes
1 answer
219 views

VM instance down suddenly and fail to restart, showing 'serviceAccount' was not found [closed]

I have a Django server running in a VM instance, the server was working fine before this, but this morning the server was unable to access. So I tried to SSH into the VM instance, but it took a long time ...
Ye Tien Tang's user avatar
2 votes
1 answer
280 views

Who or what needs user "operator" in OSX

Our OSX server 4 Yosemite 10.10 is bound to AD where an unrelated user "operator" exists. Reportedly the OSX server tries to use account "operator" without the proper password, and this action locks ...
Paul's user avatar
  • 21
2 votes
1 answer
411 views

How to restrict Active Directory account for PEAP/non-CIFS only

We have some voip phones that we want to integrate into our PEAP WiFi network, and I'm concerned about just creating a standard AD account and using that. If someone got hold of such long-term account ...
jhaar's user avatar
  • 181
2 votes
0 answers
2k views

Group Managed Service Account access to network share on remote server

We've got a service running using a Group Managed Service Account on a Windows Server 2016 host (HostA). We're extending the functionality of this service so that it runs an R script which needs to ...
Stuart's user avatar
  • 141
2 votes
0 answers
2k views

Behaviour of environment variables in HKCU\Volatile Environment reg key

I have a .bat script that runs for every user at login (copies Oracle Java Exception Sites). It copies a file to: %userprofile%\appdata\LocalLow\Sun\Java\Deployment\security\exception.sites ...
uniquegeek's user avatar
1 vote
1 answer
290 views

Why Apache can run a command and root cannot?

I have a server-side script executed by Apache running as www-data. The script runs fine on the server when called remotely (http://example.com/script.sh). I am trying to run the same script on the ...
WoJ's user avatar
  • 3,617
1 vote
1 answer
4k views

BITS http download job fails to connect for owner Local SYSTEM account

A service I have written that uses BITS (Background Intelligent Transfer Service) to auto update itself is having a problem on some machines (Windows 7 so far). I have been investigating and have ...
Mike Taylor's user avatar
1 vote
1 answer
88 views

Windows - Restrict ability to run application to one service account

I've been asked to write a script that enters information from one application into another - and I've done it using a combination of Python, Selenium and Firefox (it's a temporary measure before a ...
Kate Hanahoe's user avatar
1 vote
1 answer
3k views

Minimum level of access required for service account to run a scheduled task on server?

We have 2 domain administrator accounts in Active Directory: "Administrator" and "Robocopy". Robocopy is a service account associated with a scheduled task which executes a batch file- which runs ...
Austin ''Danger'' Powers's user avatar
1 vote
1 answer
2k views

How do I create a Managed Service Account in Windows 7

I'm trying to create a Managed Service Account on Windows 7. I've followed the steps in the guide to Managed Service Accounts to enable the Active Directory Powershell snap-in. The first thing I ...
Samuel Jack's user avatar
1 vote
1 answer
2k views

Login to HashiCorp Vault with Kubernetes Auth from Pod with Vault CLI

TL;DR: What is the proper way to login from Vault CLI in a Kubernetes Pod using the Kubernetes Auth Method. I want to create regular snapshots from my HashiCorp Vault raft storage. So I created a ...
Max N.'s user avatar
  • 131
1 vote
1 answer
2k views

Pod assigned node role instead of service account role on AWS EKS

First some info about the setup: EKS version: 1.21 eksctl version: 0.77.0 AWS Go SDK version: v1.44.28 Deploying using kubectl I have a k8s cluster on AWS EKS on which I am deploying a custom k8s ...
asr9's user avatar
  • 131
1 vote
1 answer
3k views

Display Existing Policy Bindings for GCP Service Account

I'm setting up a service account to access a CloudSQL DB from GKE. I've created both the GSA and the KSA, and have executed the command to associate the two (gcloud iam service-accounts add-iam-...
Lowell Boone's user avatar
1 vote
1 answer
248 views

AIX non-expiring account lock - who is locking it?

I have a non-expiring service account on an AIX server which I use to connect to my database. Every couple of weeks some user or task tries to connect to the account with the wrong password, and the ...
Payson's user avatar
  • 11
1 vote
3 answers
3k views

Locating services running as an Active Directory user account

My organization's password policy requires that passwords for two accounts in particular be updated/changed on a regular basis. Is there a way to determine where a particular AD user account has ...
Matt's user avatar
  • 85
1 vote
2 answers
4k views

Can I schedule Windows Server Backup using a managed service account?

I've set up a scheduled backup using the Windows Server Backup. Also, I've created a managed service account that should execute the backup, but the Schedule wizard doesn't accept the user account. ...
Peter Lillevold's user avatar