Regarding windows services ?
Hi all, I have few services which start as logon service using my username and password, I happened to change my domain username and password After that the service does not start, says logon failure, but after changing it manually, it works fine My question is do I have to manually change the username and password. How is it possible to ask the end user to do the same, is there any other way to do it , without any user intervention OS: Windows 2008 R2 Server 64bit Note: the User has Administrative privileges appreciate your help... Regards Pradish
May 12th, 2010 7:50am

My question is do I have to manually change the username and password. Yes, when you run a service under the credentials of a useraccount and you change the username or password (or SID, to be complete), you will have to make these changes to the properties of the service manually as well. This is a common problem with 'Service accounts'. How is it possible to ask the end user to do the same, is there any other way to do it , without any user intervention When the user has administrative privileges, the user can perform the same actions as you would have performed. This becomes tedious indeed. Luckily, with Windows 7 and Windows Server 2008 R2, Microsoft introduced the Managed Service Account with Active Directory. Note: The domain and forest will need to be prepared for Windows Server 2008 R2. When running pre-Windows Server 2008 R2 Domain Controllers, the functionality will work, except for automatic password and SPN management. It is therefore advised to use Windows Server 2008 R2-based Domain Controllers when utilizing this feature. You could compare Managed Service Accounts with the Local System, Network Service and Local Service accounts. A Managed Service Account, derived from the computer account object, offers a big benefit: just like with a computer account and the typical local system accounts, the managed service account will automatically change it password regularly. IT can also update its Service Principle Name (SPN) automatically. From a security point of view, this means, in a worst case scenario, a sniffed (and decoded) password(hash) can only be used for a limited amount of time. It also means that when the account is only given the barely minimum privileges, an attacker cannot exploit a vulnerability in the service, beyond the service itself. Note: Probably because of this security concern, a managed service account can only be assigned to one host at the time. From a management point of view, it means you can create automatically changing service accounts per service per host. After renaming the host, the service will start like it did before. The command to create a Managed Service Account after enabling PowerShell Active Directory Management (using Import-module Active Directory) would look something like: New-ADServiceAccount -Name MSA-Host1 -Path "CN=Managed Service Accounts,DC=domain,DC=tld" Note: While creating a Managed Service Account is also possible using Active Directory Users and Computers (ds.msc), this is not the ideal way to create these accounts. Then, to assign the Managed Service Account to a host, use the following command: Add-ADComputerServiceAccount -Identity Host1 -ServiceAccount MSA-Host1 As a last step, install the Managed Service Account on the host, that hosts the service, in this case Host1: Import-module Active Directory Install-ADServiceAccount -Identity MSA-Host1 After this third step you can configure the service to run using the managed service account. More information: Managing Managed Service Accounts Create Managed Service Accounts with PowerShell. Do not create managed service accounts with Active Directory Users and Computers. What's New in Service Accounts Controlling Windows Services and Service Accounts Managed Service Accounts Server 2008 R2 Managed Service Account Bug
Free Windows Admin Tool Kit Click here and download it now
May 12th, 2010 8:45am

Thank you very much for the reply
May 12th, 2010 12:32pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics