About using a User Account as a Service Account

You can sidestep some of the complexities of running services with the built-in service accounts by instead using a local or domain user account. An important point to keep in mind is that Windows automatically grants additional privileges (most notable the Log on as a Service and Log on as a Batch job privileges) to user accounts that you associate with services. ClosedShow picture

In addition, the SV Core Management Console grants two additional privileges to the user account associated with the SV Core Daemon service and the DCOM application.

  • Log on as a service - This security setting allows a security principal to log on as a service. Any service that runs under a separate user account must be assigned this right. ClosedShow picture
  • Log on as a batch job - Any DCOM application that runs under a specific user account must be assigned this right. ClosedShow picture

For this reason, it is imperative that you never use a service account for interactive logon. In other words, a human being should never log on to a system by using a service account identity.