将Windows服务作为域帐户运行所需的最低权限 [英] Minimum rights required to run a windows service as a domain account
问题描述
有人知道我要以该用户身份运行Windows服务时需要授予域用户帐户的最低权限是什么吗?
Does anyone know what would be the minimum rights I would need to grant to a domain user account in order to run a windows service as that user?
为简单起见,假设服务除了启动,停止和写入应用程序"事件日志外,不执行任何操作-即,无网络访问权限,无自定义事件日志等.
For simplicity, assume that the service does nothing over and above starting, stopping, and writing to the "Application" event log - i.e. no network access, no custom event logs etc.
我知道我可以使用内置的Service和NetworkService帐户,但是由于适当的网络策略,我可能无法使用这些帐户.
I know I could use the built in Service and NetworkService accounts, but it's possible that I may not be able to use these due to network policies in place.
推荐答案
两种方式:
-
编辑服务的属性并设置登录"用户.适当的权利将被自动分配.
Edit the properties of the service and set the Log On user. The appropriate right will be automatically assigned.
手动设置:转到管理工具->本地安全策略->本地策略->用户权限分配.编辑项目作为服务登录",然后在其中添加您的域用户.
Set it manually: Go to Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment. Edit the item "Log on as a service" and add your domain user there.
这篇关于将Windows服务作为域帐户运行所需的最低权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!