Selecting a service account

  • Article

Applies To: Windows Server 2003 R2

On the Service Account Selection page in the ADAM Setup Wizard, you must select a service account for use by the Active Directory Application Mode (ADAM) instance. The account that you select determines the security context in which the ADAM instance runs. Changing the service account after installation may require some additional configuration.

In most cases, the ADAM Setup Wizard defaults to the Network Service account as the service account. The Network Service account is a special, built-in account, with authority similar to that of an authenticated user account. The name of the account is NT AUTHORITY\NetworkService. The Network Service account has limited access to the local computer and authenticated access (as the computer account) to network resources. This limited access helps safeguard your system if individual services or processes are compromised. Services that run as the Network Service account access network resources using the credentials of the computer account.

For more information about selecting a service account and ADAM service account requirements, see Selecting an ADAM service account.

To select a service account

  • On the Service Account Selection page, do one of the following, and then click Next:

    • Click Network service account.

    • Click This account, click Browse, and then select a local or domain account.

Notes

  • On Windows XP Professional, workstation and domain user accounts that are used as the ADAM service account must be members of the local Administrators group.

  • When you install ADAM on Windows XP Professional computers that are joined to a workgroup, you must edit the forceguest registry key to allow users to bind to ADAM successfully. For more information, see Enable binding to ADAM instances running on Windows XP Professional computers joined to a workgroup.

  • For additional considerations when running ADAM on Windows XP Professional, see Running ADAM on Windows XP Professional.

  • To enable auditing for an ADAM instance running under a service account other than the Network Service account, you must grant the Generate security audits right to the account that is used as the ADAM service account.

  • To enable a workstation or domain user account as a service account, you must grant the Log on as a service right to the account that is used as the ADAM service account. For more information, see Add the Log on as a service right to an account.

See Also

Concepts

Running ADAM on Windows XP Professional
Administering computers running ADAM
Selecting an ADAM service account
Administering an ADAM instance