What is a non-interactive service account?


What is an interactive logon?

An interactive logon to a computer can be performed either locally, when the user has direct physical access, or remotely, through Terminal Services, in which case the logon is further qualified as remote interactive. After an interactive logon, Windows runs applications on the user’s behalf and the user can interact with those applications.

Users can perform an interactive logon by logging on to a computer using a local user account or by using their domain account.

Please read this blog post about Managed Service Accounts: https://blogs.technet.microsoft.com/askds/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting/

The Windows Server 2008 R2 AD Schema introduces a new object class called msDS-ManagedServiceAccount. Create an MSA, examine its objectClass attribute, and notice the object has an interesting object class inheritance structure:

  • Computer
  • msDS-ManagedServiceAccount
  • organizationalPerson
  • Top
  • User

The object is a user and a computer at the same time, just like a computer account. But it does not have an object class of person like a computer account typically would; instead it has msDS-ManagedServiceAccount. MSAs inherit from a parent object class of “Computer”, but they are also users. MSA objects do not contain new attributes from the Win2008 R2 schema update.

If you are asking because you wish to create a service account, please see:

For your question, if a managed account is not what you are looking for, you can create a non-interactive account by creating a GPO that sets this: Computer Configuration/Windows Settings/Local Policies/User Rights Assignment, where you deny the user account the Log On right (https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/deny-log-on-locally). That way the account will only be able to be used for services.
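To verify that the user-rights assignment described above actually took effect on a given box, the following PowerShell function (an added example, not code from the answer above) exports the effective local security policy with secedit and reports whether an account holds "Log on as a service" / "Log on as a batch job" and is listed in the "Deny log on locally" / "Deny log on through Remote Desktop Services" rights. It assumes an elevated session; the account name CONTOSO\svc_iis is a placeholder.

```powershell
# Added example: audit a service account's logon rights on the local machine.
# Assumes an elevated PowerShell session (secedit /export requires it).
function Get-ServiceAccountLogonRights {
    param([Parameter(Mandatory)][string]$Account)

    # secedit writes principals as "*<SID>", so resolve the account name to its SID first.
    $nt  = New-Object System.Security.Principal.NTAccount($Account)
    $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # Export only the user-rights area of the effective local policy (GPO-applied settings included).
    $cfg = Join-Path $env:TEMP 'secpol-user-rights.inf'
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

    # Parse the [Privilege Rights] section, e.g. "SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-..."
    $rights    = @{}
    $inSection = $false
    foreach ($line in Get-Content $cfg) {
        if ($line -match '^\[(.+)\]$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match '^(Se\w+)\s*=\s*(.*)$') {
            $rights[$Matches[1]] = $Matches[2] -split ',' | ForEach-Object { $_.Trim().TrimStart('*') }
        }
    }
    Remove-Item $cfg -ErrorAction SilentlyContinue

    # A right is held if the SID (or, for some built-ins, the name) appears in its list.
    $has = { param($r) [bool](($rights[$r] -contains $sid) -or ($rights[$r] -contains $Account)) }

    [pscustomobject]@{
        Account                 = $Account
        SID                     = $sid
        LogOnAsService          = & $has 'SeServiceLogonRight'          # "Log on as a service"
        LogOnAsBatch            = & $has 'SeBatchLogonRight'            # "Log on as a batch job"
        DeniedInteractive       = & $has 'SeDenyInteractiveLogonRight'  # "Deny log on locally"
        DeniedRemoteInteractive = & $has 'SeDenyRemoteInteractiveLogonRight'  # "Deny log on through RDS"
    }
}

# Placeholder account name; a correctly configured non-interactive service account
# should show LogOnAsService/LogOnAsBatch = True and both Denied* fields = True.
Get-ServiceAccountLogonRights -Account 'CONTOSO\svc_iis'
```

Note that the deny rights take precedence over any allow rights, so an account that is granted "Allow log on locally" through group membership is still blocked once it appears in the deny list.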



Author: Admin

Updated on September 18, 2022

Comments

  • Admin, over 1 year ago

    Trying to get a clear understanding of what makes an AD domain service account non-interactive and how this is done?

    I require a service account with "logon as a service" and "logon as a batch" for a service account on an IIS box.