Active Directory Certificate Services - run the service using a domain service account RRS feed

  • Question

  • Hello,

    Is it possible to have the service "Active Directory Certificate Services" runing using a domain account instead of the "Local System account"?
    If so, what's the configuration needed for this (for eg. : make the AD account member of the local administrator group, GPO : "Log on as a service", "Replace a process level token" ...) ?

    Thanks in advance !

    Wednesday, May 26, 2010 3:43 PM

All replies

  • Hi,

    In theory, it’s possible. However, there is no official document to guide the operation. We may need to change many permission settings to get it work and these changes may affect your system security, it’s not suggested and not worth to do so.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Wednesday, June 2, 2010 6:16 AM
  • Hello,

    Thanks a lot for your reply.

    Yes I guess so ... I tried several permission settings, but I couldn't make it work. Do you have any idea about settings that I can try ?


    Thursday, June 3, 2010 2:16 PM