locked
What account to use to run services RRS feed

  • Question

  • I just started a new job and on their Exchange 2007 server I have discovered that their exchange services run as either the Local System or Network Service instead of having a specific Active Directory account assigned. I have never seen these services configured to run under these accounts, they have always been assigned a specific account with all the appropriate rights needed. Would appreciate any input on this, if this will cause any negative effects, change the default behavior of exchange, etc?? 

    Thank you


    Philip T

    Friday, August 31, 2012 6:09 PM

Answers

  • There is no requirement to run these under domain admin account, it was in previous older versions of Exchange. Yes, you can if you really want to, but not sure I undersand the reason. If Exchange is deployed in a split permission model, then using domain admin account is not an option right?

    • Marked as answer by phil7269 Friday, August 31, 2012 7:10 PM
    Friday, August 31, 2012 7:04 PM
  • On Fri, 31 Aug 2012 19:09:55 +0000, phil7269 wrote:
     
    >That answers my question. Again, I personally have never seen Exchange 2007 run its services using these accounts. If theres no reason to change them then I will leave them alone.
     
    Leave them alone. They haven't needed a "service account" since
    Exchange 2000.
     
    If you saw Exchange services running with "user" accounts it was a
    gross misconfiguration (or a version of Exchange server prior to
    Exchange 2000).
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Marked as answer by emma.yoyo Thursday, September 6, 2012 6:00 AM
    Friday, August 31, 2012 9:40 PM

All replies

  • All Exchnage 2007 services run either under local system or network.

    http://technet.microsoft.com/en-us/library/aa998342(v=exchg.80).aspx

    Friday, August 31, 2012 6:42 PM
  • Thank you for the reply but it has been my experience with Exchange 2007 to always use a domain admin account to run these services. I understand what the Microsoft documentation states but I would like a real world answer as to if there are any downsides to running these services with these local and network services accounts? 3 difference companies that I worked at have all assigned some domain admin account to run these services.

    thanks.


    Philip T

    Friday, August 31, 2012 6:57 PM
  • There is no requirement to run these under domain admin account, it was in previous older versions of Exchange. Yes, you can if you really want to, but not sure I undersand the reason. If Exchange is deployed in a split permission model, then using domain admin account is not an option right?

    • Marked as answer by phil7269 Friday, August 31, 2012 7:10 PM
    Friday, August 31, 2012 7:04 PM
  • That answers my question. Again, I personally have never seen Exchange 2007 run its services using these accounts. If theres no reason to change them then I will leave them alone.

    thanks.


    Philip T

    Friday, August 31, 2012 7:09 PM
  • On Fri, 31 Aug 2012 19:09:55 +0000, phil7269 wrote:
     
    >That answers my question. Again, I personally have never seen Exchange 2007 run its services using these accounts. If theres no reason to change them then I will leave them alone.
     
    Leave them alone. They haven't needed a "service account" since
    Exchange 2000.
     
    If you saw Exchange services running with "user" accounts it was a
    gross misconfiguration (or a version of Exchange server prior to
    Exchange 2000).
     
    ---
    Rich Matheisen
    MCSE+I, Exchange MVP
     

    --- Rich Matheisen MCSE+I, Exchange MVP
    • Marked as answer by emma.yoyo Thursday, September 6, 2012 6:00 AM
    Friday, August 31, 2012 9:40 PM