Naming Convention For Service Accounts
Hi,
I'm in the process of tidying up AD and
I'm trying to come up with a decent naming convention for service
account. If anyone could share what they use or point me in the
direction of a decent article with examples that would be great.
ThanksAndrew
February 19th, 2009 12:51am
Hi Andrew,Following my Suggestion:- Domain Admins accounts: A1xxadm- Desktop Admins accounts: D2xxadm- Applications services accounts: yourdomain-sa-appname (ex: domain-sa-backupexec)Where:A1 = First level of administration of your AD/NetworkD2 = Desktop Admins, second level of administrationxx = First letter of first name and first letter of last namesa = Service AccountI hope it can help you.Cheers,Marcelo.Marcelo Braga -- Um discipulo de Jesus -- MCT/ MCSA/ MCITP/ MCTS Exchange 2007.
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2009 4:48am
Hi,Just thinking aloud, I would, if I were in your shoes, standardize on the name of all service accounts. For example, for site LONDON (in the EU domain):EU-LON-MonitoringSvc (add a descriptive description in the Description property of the account in AD)I would then move all service accounts to an OU (again, ymmv) so that I can easily define the restrictions I want to implement for these accounts (for example, I would deny these accounts "Log on Locally" rights and give "Log on as a Service" rights).Just to add, here's a Technet article on Securing Accounts (including service accounts):http://technet.microsoft.com/en-us/library/cc700835.aspxRegards,Salvador Manaois IIIMCITP | Enterprise & Server AdminMCSE MCSA MCTS CIWA C|EHBytes & Badz: http://badzmanaois.blogspot.com
February 19th, 2009 8:56am