none
Install certificate for dedicate service account

    Question

  • Hi,

    For security reason, I created a user account dedicate to services (AdminService@domain). I made a GPO to disallow session logon on windows computer for it.

    So services are running as AdminService@domain and all goes fine except for services who need certificate. Due to my GPO I cannot logon and cannot install certificate.

    What is, then, the best way to do it... If it is doable?!

    Note that I prefer find another solution than to disable my GPO to be able to install certf and then reenable it... I will have to update the cert 3 times a year. Actually, does the service would access the certificate if it's not allow to open windows session? It just have "Open as a service" rights?...

    Thanks,

    Stéphane

    Tuesday, June 12, 2018 9:44 AM

All replies