exchange 4.0 Service account

exchange 4.0 Service account

Post by Ray Alexande » Tue, 25 Aug 1998 04:00:00



how should i set this up?
What permissions should it have?
help!
 
 
 

exchange 4.0 Service account

Post by Brian Bakke » Wed, 26 Aug 1998 04:00:00


Firstly, name the NT account something like "ExchangeService" in User
Manager for
Domains and it should have both the "User Cannot Change Password" and
"Password
Never Expires" boxes ticked in the User Properties.  Also in the "User
Rights Policy", this account should have the right to "Log on as a Service"
(Click the "Show Advanced User Rights" box to see this right)

Finally assign this account to all the Exchange Services in Services
Properties.  Nobody should be using this account to log on.

Hope this helps

Brian Bakker


>how should i set this up?
>What permissions should it have?
>help!


 
 
 

exchange 4.0 Service account

Post by Anthon » Wed, 26 Aug 1998 04:00:00


It should be a completely separate NT domain account that you will not use
for any other purpose.  It should have a very random and confidential
password.  It does not need to have any special permissions at the NT level.
Exchange will give it the necessary rights and permissions when you specify
the account during the Exchange installation process.  You should create the
service account first, then install Exchange.  When you install the product,
you should be logged on under the account that you intend to use as your
lead administrator account; you should NOT install the product while logged
on under the service account.  This procedure will provide you with maximum
security.

If you really want tight security, use a long password for the service
account, and divide the password up among two or more people, so that each
person only supplies one part of the password.

Remember, anyone with access to the service account can read anyone's mail
and impersonate any mailbox.

--
Anthony


>how should i set this up?
>What permissions should it have?
>help!