Shulou(Shulou.com)05/31 Report--

This article shows you how to set up the hosting account of Windows Server 2008 R2. The content is concise and easy to understand. It will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

In the modern enterprise, the computer network occupies the most important position, the network architecture is more and more complex, and the normal operation of the application system, in addition to the foreground application interface, what is more important is the background process or background service. with the stable operation of background processes and services, we can ensure the normal operation of business activities.

For administrators, it is tedious to change the password of a service account regularly, and the more types of services and accounts, the more difficult it is to manage. For the convenience of management, some system administrators often set up a service account whose password will never expire. Although this avoids changing the password regularly and reduces the workload, it does not change the password for a long time, which increases the risk of password disclosure.

The managed service account (MSA) in Windows Server 2008 R2 solves this problem and how it is implemented. Let's take a look.

Managed service account

Because it is difficult to manage the password of the domain user account of the running service, the managed service account (Managed Service Account) arises at the historic moment. The so-called managed service account is the account entrusted to the operating system for management. The password of the managed service account (MSA) is automatically set, maintained and updated by the operating system on a regular basis, without manual intervention by the administrator, as if the account does not have a password.

The role of managed service account (MSA)

Managed service accounts make services isolated from each other, and automatic password management is required separately.

Reduce TCO by reducing service disruption

Use a single managed service account per service or per server (the service account cannot be shared by multiple computers)

Better SPN management at the Windows Server 2008 R2 domain functional level (allows the server to rename the service account)

Use of managed service account (MSA)

To configure and apply a managed service account (MSA), you need to take three steps:

Create MSA account  install MSA account  assign MSA account to the service.

1. Create a MSA account:

The creation of a MSA account needs to be created through the New-ADServiceAccount command of PowerShell, as shown below:

After the creation is complete, you can see the MSAtest account you just created in AD users and computers.

two。 Install MSA account

After the account is created, you can install the MSA account. When installing a managed service account on a member server of Windows Server 2008 R2 or a client computer of Windows 7, and using the Install-ADServiceAccount command in PowerShell, it is important to note that:

Note:

1) the managed service account (MSA) only supports Windows Server 2008 R2 or Windows 7 operating systems, but not earlier versions of the operating system.

2) A managed service account (MSA) can only be installed on one computer and cannot be shared by multiple computers. This means that the MSA account does not support the cluster service.

3. Assign a MSA account to the service

Take the Windows Server 2008 R2 member server as an example.

First, open the Service Control Manager, expand configuration-Services, double-click the service you want to configure on the right, select "this account"-"Browse" under the login tab, navigate to the previously created MSA account, and click OK. Use this service to run under the selected MSA account, and the result is shown below:

Note:

1) by default, the backend service does not allow you to set an account with an empty password to start, with the exception of the MSA account. In fact, the MSA account actually has a password, but the administrator does not need to set it.

Considerations for managed Service account (MSA)

The use of managed service accounts greatly simplifies the management of internal service accounts, but there are also some points for attention.

Assigning proper access to MSA is critical. Assigning permissions to MSA is like assigning permissions to a user service account SCM to MSA and giving local system permissions to MSA through logonAsService. Installation Manager does not allow you to specify an account without a password. Use a standard server account to install to a MSA replication permission to change the service in SCM to use MSA, and scheduled jobs cannot be run as a managed service account. Because the MSA account can only be installed on one computer and cannot be shared by multiple computers, the managed service account cannot be used in the cluster service. If the domain feature level is Windows Server 2008 R2, the SPN of the service account will be updated when the service account is renamed.

The above content is what is the method of setting up the hosting account of Windows Server 2008 R2. Have you learned the knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.