将Windows服务作为域帐户运行所需的最低权限 [英] Minimum rights required to run a windows service as a domain account

问题描述

有人知道我要以该用户身份运行Windows服务时需要授予域用户帐户的最低权限是什么吗?

Does anyone know what would be the minimum rights I would need to grant to a domain user account in order to run a windows service as that user?

为简单起见，假设服务除了启动，停止和写入应用程序"事件日志外，不执行任何操作-即，无网络访问权限，无自定义事件日志等.

For simplicity, assume that the service does nothing over and above starting, stopping, and writing to the "Application" event log - i.e. no network access, no custom event logs etc.

我知道我可以使用内置的Service和NetworkService帐户，但是由于适当的网络策略，我可能无法使用这些帐户.

I know I could use the built in Service and NetworkService accounts, but it's possible that I may not be able to use these due to network policies in place.

推荐答案

两种方式:

1. 编辑服务的属性并设置登录"用户.适当的权利将被自动分配.

1. Edit the properties of the service and set the Log On user. The appropriate right will be automatically assigned.

手动设置:转到管理工具->本地安全策略->本地策略->用户权限分配.编辑项目作为服务登录"，然后在其中添加您的域用户.

Set it manually: Go to Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment. Edit the item "Log on as a service" and add your domain user there.

这篇关于将Windows服务作为域帐户运行所需的最低权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！