Viewing 2 reply threads
  • Author
    Posts
    • #15234
      Erik vandestolpe
      Participant
      Member Points: 0
      Rank:

      One of my dilemma’s: what account to use in Task Manager jobs. The larger our comapny grows, the more important it becomes. These tasks that just copy data every night from one machine to another. Are simple domain accounts preferable? Or one domain user for each and every job? Or everyjobs its own domain account? Is there an optimal solution for this? How do I deny interactive logons using such an account?

    • #15237
      Joseph Moody
      Moderator
      Member Points: 1,918
      Rank: 3

      I prefer dedicated accounts for each job. You can use Group Policy to control interactive logon and batch logon. These settings are under Computer Configuration/Policies/Windows Settings/Security Settings/Local Polices/User Right Assignments.

       

      You might find it easier to create a group and deny it the Log on Locally permission instead of listing each user.

    • #15238
      Kyle Beckman
      Moderator
      Member Points: 352
      Rank: 2

      As a rule of thumb, you should really avoid using local accounts on domain-joined computers for just about everything.  Local accounts aren’t managed centrally and can easily become a liability to your organization if they are compromised.  You also mentioned that you have jobs that are copying data across machines… all the more reason to use a domain account for the job so you’re not having to create multiple local accounts across multiple servers.

      As for how many accounts… that really depends.  If the accounts that you’re creating all have local Admin on the server, you’re really just creating more management overhead by having multiple accounts for multiple jobs since, ultimately, the accounts can pretty much do whatever they want. However, if each account isn’t a local Admin and only has access to the specific set of data it is copying, then it would make sense to separate them out and have multiple accounts.

Viewing 2 reply threads
  • You must be logged in to reply to this topic.
© 4sysops 2006 - 2021

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account