locked
implement service account / remove default domain admin privileges RRS feed

  • Question

  • hello,

    i am looking to move away from using the default domain admin for accessing network services (i.e. exchange) . id like to instead use specific service accounts throughout the domain. in regards to exchange can anyone shed some light on the steps required to accomplish this? i am running exchange 2007 in my enterprise.

     

    thanks in advance for any insight. 


    -chas
    Wednesday, August 31, 2011 1:57 PM

Answers

All replies

    1. Not sure for exactly what you want it for but services should either be running under the local system account or network service account.
    2. Accessing Exch, well, generally you should have secondary admin account to do admin type work
    3. What do you mean?

    Sukh
    Wednesday, August 31, 2011 2:12 PM
  • the exchange services are currently running as the local system account. 

     

    for any admin work done on the server we are currently using the defualt domain admin account. too many people in the department know that password. i dont want tier 1 helpdesk folks logging into the exchange server. 

     

    so i guess what  i am really looking to do is limit access to the server to only the appropriate people. 


    -chas
    Wednesday, August 31, 2011 2:57 PM
    1. What you need to do is read this link and understand how Exch works in terms of permissions and roles. - http://technet.microsoft.com/en-us/library/bb266972(EXCHG.80).aspx
    2. Then you should give the minimum permission for your helpdesk to perform those roles, such as Exchange Recipient Administrators - http://technet.microsoft.com/en-us/library/aa996881(EXCHG.80).aspx

    Sukh
    • Marked as answer by chaz1121 Wednesday, August 31, 2011 5:17 PM
    Wednesday, August 31, 2011 3:02 PM
  • thank you sir i have read the articles you referenced and now understand what needs to be done to accomplish this.

     

    i appreciate the insight.

     

    cheers. 


    -chaz
    Wednesday, August 31, 2011 5:17 PM