Change the account under which the Cluster service runs

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To change the account under which the Cluster service runs

  1. Stop the Cluster service on all nodes:

    • Make sure the account has membership in the local Administrators group on all nodes.

    • Open Local Security Policy and Grant the following rights to the account, or to the local Administrators group, on all nodes:

    Where? Security Settings/Local Policies/User Rights Assignments

    • Act as part of the operating system

    • Back up files and directories

    • Restore files and directories

    • Adjust memory quotas for a process

    • Log on as a service

    • Increase scheduling priority

    By default, the Cluster service account inherits the following user rights as a result of being a member of the local Administrators group:

    • Manage auditing and security log

    • Debug programs

    • Impersonate a client after authentication

    If your organization has removed these user rights from the default set of privileges assigned to the local Administrators group, you need to specifically assign these user rights to the Cluster service account.

    • Open Computer Management.

    • In Computer Management, double-click Services and Applications, and then click Services.

    • In the details pane, click Cluster Service.

    • On the Action menu, click Stop.

  2. Repeat step 1 on all other nodes.

  3. In the details pane of one node, double-click Cluster service.

  4. On the Log On tab, type the account name in This account, type the password in Password, and then confirm the password and click OK.

  5. On the Action menu, click Start.

  6. Repeat steps 2, 3, 4, and 5 on all other nodes.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • To open Computer Management, click Start, click Control Panel, double-click Administrative Tools, and then double-click Computer Management.

  • To open Local Security Policy, click Start, point to Settings, click Control Panel, double-click Administrative Tools, and then double-click Local Security Policy. Select Show Advanced User Rights to view all the available security settings.

  • The Cluster service on all nodes must be stopped and restarted during this procedure. The Cluster service must use the same account and password at all times on all nodes within the cluster.

  • You must use Active Directory Users and Computers to view account properties if the account is in a Windows 2000 or Windows Server 2003 family domain. You must use User Manager for the Domain to view account properties if the account is in a Windows NT 4.0 domain. User Manager for the Domain can be installed using the client-based Network Administration tools by running Setup.exe from the Windows NT Server 4.0 media in the Clients\Srvtools\Winnt\ directory or by running Usrmgr.exe from the Clients\Srvtools\Winnt\I386 or Clients\Srvtools\Winnt\Alpha directory.

  • For more information on granting account rights, see Related Topics.

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Concepts

Manage Users, Groups, and Computers
Start, stop, pause, resume, or restart a service
Domain accounts and the Cluster service
Updated technical information