What account to use to run services
I just started a new job and on their Exchange 2007 server I have discovered that their exchange services run as either the Local System or Network Service instead of having a specific Active Directory account assigned. I have never seen these services configured
to run under these accounts, they have always been assigned a specific account with all the appropriate rights needed. Would appreciate any input on this, if this will cause any negative effects, change the default behavior of exchange, etc??
Thank youPhilip T
August 31st, 2012 2:24pm
All Exchnage 2007 services run either under local system or network.
http://technet.microsoft.com/en-us/library/aa998342(v=exchg.80).aspx
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2012 2:57pm
Thank you for the reply but it has been my experience with Exchange 2007 to always use a domain admin account to run these services. I understand what the Microsoft documentation states but I would like a real world answer as to if there are any downsides
to running these services with these local and network services accounts? 3 difference companies that I worked at have all assigned some domain admin account to run these services.
thanks. Philip T
August 31st, 2012 3:11pm
There is no requirement to run these under domain admin account, it was in previous older versions of Exchange. Yes, you can if you really want to, but not sure I undersand the reason. If Exchange is deployed in a split permission model, then using domain
admin account is not an option right?
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2012 3:19pm
That answers my question. Again, I personally have never seen Exchange 2007 run its services using these accounts. If theres no reason to change them then I will leave them alone.
thanks. Philip T
August 31st, 2012 3:24pm
On Fri, 31 Aug 2012 19:09:55 +0000, phil7269 wrote:
>That answers my question. Again, I personally have never seen Exchange 2007 run its services using these accounts. If theres no reason to change them then I will leave them alone.
Leave them alone. They haven't needed a "service account" since
Exchange 2000.
If you saw Exchange services running with "user" accounts it was a
gross misconfiguration (or a version of Exchange server prior to
Exchange 2000).
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
Free Windows Admin Tool Kit Click here and download it now
August 31st, 2012 5:40pm
On Fri, 31 Aug 2012 19:09:55 +0000, phil7269 wrote:
>That answers my question. Again, I personally have never seen Exchange 2007 run its services using these accounts. If theres no reason to change them then I will leave them alone.
Leave them alone. They haven't needed a "service account" since
Exchange 2000.
If you saw Exchange services running with "user" accounts it was a
gross misconfiguration (or a version of Exchange server prior to
Exchange 2000).
---
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP
August 31st, 2012 5:54pm