Questions tagged [service-account]
The service-account tag has no usage guidance.
32 questions
1 vote, 0 answers, 38 views
Service-specific user or Network Service?
Recently our SOC has applied a security policy on our servers which doesn't allow adding any user to "Replace a process level token" setting in "User rights assignment" in local ...
2 votes, 1 answer, 51 views
How to grant AWS roles to OpenStack workloads?
I want to grant processes running on OpenStack infrastructure some access to AWS resources. (I also want to avoid manually rotating keys, and minimise the impact if credentials leak from these ...
1 vote, 1 answer, 265 views
Why use access token for Google Artifact Registry access?
Applications using a Google service account can use that service account's key (a long-lived credential) to obtain a short-lived access token for Google Artifact Registry and documentation strongly ...
0 votes, 1 answer, 139 views
What is it called when you only use a user account for a specific task in your OS?
I've noticed that people don't use a user account for a specific task;
I keep thinking the concept is called a "service account"
But it causes a lot of issues surrounding security; for ...
0 votes, 0 answers, 451 views
What are the security risks of domain user accounts with denied interactive logon?
When I create a domain user account with denied interactive logon, what are the real security risks when a hacker gets the password?
http://paulasitblog.blogspot.com/2017/01/deny-interactive-logon-for-service....
0 votes, 2 answers, 2k views
Windows directory that is only accessible by SYSTEM user
I am developing a .NET Windows Service using C# that needs to download an executable file and run it.
I need the Windows Service to run with SYSTEM privileges in order to allow it to install software ...
1 vote, 0 answers, 529 views
How should I store a password used by a service written in .NET
I have a Windows service that accesses a database connection. Since users rarely use Windows authentication, I encrypt the connection string. For development I have the password hard-coded, but I know ...
0 votes, 1 answer, 7k views
Are NT Authority account users safe?
I have an alert for monitoring Windows server logon success (event ID 4624) and have already whitelisted all the authorized users in the alert rule, but after a while, some alerts showed up using ...
0 votes, 1 answer, 568 views
Are SSH certificates more secure for service accounts?
I'm considering how to deploy a service that needs SSH access to many important boxes in my infrastructure. Rather than store a long-lived SSH private key in a key store that the service could request,...
1 vote, 1 answer, 254 views
Amazon S3 policies: CORS or Service Accounts?
I have a question about accessing buckets on AWS S3. Let's suppose we have a bucket that has to have public read access by everyone and only my API has to be able to PUT and DELETE items from bucket. ...
1 vote, 0 answers, 444 views
gpg won't find public key if not in interactive session
How to make imported public key available after logging off?
I have a PowerShell process that encrypts the file (recipient was masked):
Start-Process "gpg.exe" -ArgumentList "--batch --yes --always-...
0 votes, 3 answers, 2k views
Service Account Best Practices [closed]
I am getting a presentation together for a topic I am not SUPER knowledgeable in.
I am an admin within a nameless system, and of the opinion that a service account should be created for each ...
1 vote, 2 answers, 267 views
IIS Application - service account permissions
My company is looking to install a 3rd party application on our infrastructure and this application will be installed on an IIS Server with a connection to a SQL server. They require an AD service ...
5 votes, 2 answers, 4k views
Does PCI-DSS password guidance apply to service accounts?
A service account is a user account created for the sole purpose of running an application. For example, an online banking web site may have a single service account under which the code runs.
...
1 vote, 1 answer, 3k views
IIS - giving service accounts admin rights?
I'm looking at an application running on IIS which requires service account(s) to run some services/software, however the service account requires LOCAL ADMIN access which is against policy.
Are there ...
0 votes, 2 answers, 139 views
Authentication of an indefinite number of technicians in an offline scenario
Are there any possibilities to authenticate a changing number of (service) technicians towards a device without an internet / network connection? With the possibility to revoke the access later?
Edit:...
7 votes, 2 answers, 24k views
Recover the password of a Windows service user login account
When setting up a Windows service, one specifies a user account to use for authentication, as well as the password for that user. In their guidelines for user account selection, Microsoft states that ...
2 votes, 0 answers, 142 views
Kerberos Constrained Delegation
I have 4 machines,
one machine with Domain Controller,
one machine with Analysis Services,
one machine with IIS Services,
one machine with the Application
The goal is to open the application and the ...
1 vote, 2 answers, 148 views
How can I verify that the logged-in user is actually the person who owns the account?
I am trying to design a little tournament for an existing online game. I have no access to their game accounts, I can only add them inside the game and chat. I will create a web service with profiles ...
1 vote, 0 answers, 114 views
Protect Specific Services on Client PC
I am not sure if I am asking in the correct location for this, but will ask in the hopes you assist. I want to be able to lock certain services from being restarted/stopped/ended. I know most Anti-...
2 votes, 1 answer, 2k views
How is password information stored and used on Android accounts?
How difficult would it be for someone who stole your device to gain access to the username and password information stored under the Settings -> More -> Accounts section of an Android device?
...
4 votes, 2 answers, 3k views
Is it safe to use virtual mobile numbers for verification
Is it safe to use virtual mobile numbers for account verification & authentication for services such as PayPal, Twitter, Gmail, LinkedIn, etc.? And what is the security drawback for this?
2 votes, 2 answers, 271 views
Is this secure: email account that can only be accessed by sending and receiving emails within Gmail
I am creating a game of sorts where you use and earn credits to accomplish tasks. I am curious if you can effectively use Gmail's security features to secure these submissions if the emails are all in ...
5 votes, 2 answers, 2k views
Is there any point in passphrase-protecting an SSH private key that is used by a service account?
On my Linux machine (Alice), I am setting up a service account with an rsync cron job that will synchronise some files with a remote host (Bob). Obviously, I would want to make the rsync secure by ...
7 votes, 2 answers, 6k views
Should service accounts be set to never lock out
I have been in a discussion lately with our security team, and I want to get an answer from this group.
Currently our security policy states that domain accounts will lock out after 5 failed ...
0 votes, 1 answer, 687 views
How do you secure a service account password in an enterprise Windows environment?
I'm supposed to have a large environment (500+ servers), all Windows based, joined to an Active Directory domain.
Some domain accounts are used for application\middleware authentication that needs high ...
3 votes, 1 answer, 1k views
Is running a Windows service as a (standard) user a risk?
I plan on creating a domain user account that will be able to log on as a service, but have only the minimum requirements for this service to function. Of course this could be misconfigured, but ...
1 vote, 1 answer, 1k views
How does IIS persist identity credentials? Does it create any security issues?
We want to implement a feature similar to IIS in how it remembers user configured usernames and passwords. As I understand it, when you configure IIS to use a set of credentials for an app pool ...
3 votes, 2 answers, 516 views
Time based event, console application on Windows Server -- security implications
I'm a software engineer, and I've written several discrete utilities that run at specific times on Windows Server 2008. Generally speaking, they are console applications, need to access SQL Server, ...
12 votes, 5 answers, 19k views
UAC and Windows Services
A user has a PowerShell script that does some things that require administrative access on Windows Server 2012 with UAC enabled.
When they run the script as a Local Administrator, it fails with ...
1 vote, 1 answer, 3k views
How do these Windows services affect the security of Windows Firewall?
It's common to disable unneeded services in Windows 2008 R2, but sometimes I come across installations that use Windows Firewall and related services. More info: see service dependencies for Windows ...
3 votes, 1 answer, 1k views
Authentication for a batch script
It seems amazing that there is no industry accepted best practice for this problem yet (or maybe just one I'm not aware of):
What is the most secure way for a batch script, a program needing to ...