The other day after restriction of service accounts on a network, I was faced with troubleshooting why some scheduled tasks stopped running. The accounts that ran the tasks were no longer part of the administrators group on the local machine in an Active Directory environment. Not even Power User or Serer Operator group will work for you here, and we are referring to Server 2003 +
I believe the best practice is to create a domain user, and then incorporate that account in to each local machine's local Administrators Group as necessary to perform its tasks.
No comments:
Post a Comment