Share
ReportI have been reading and re-reading the CRM Deployment guide where it discusses how to set up the accounts that will run various CRM services.
"When you specify an identity to run a Microsoft Dynamics CRM service, you can choose either a domain user account or the Network Service account.
If the service interacts with network services, accesses domain resources like file shares or if it uses linked server connections to other computers, you can use a minimally-privileged domain account. Many server-to-server activities can be performed only with a domain user account and can provide the most secure option. This account should be pre-created by domain administration in your environment."
Is running the services under Network Service (in multi-server environment, CRM cluster, SQLAlwaysOn) totally insecure? Are the chances of hijacking a user account are less than hijacking Network Service Account?
If anything, is there a service that is 'strongly recommended' to run as a Domain Account?
Thanks in advance
| Microsoft Dynamics CRM Sandbox Processing Service | NT AUTHORITY\NETWORK SERVICE |
| Microsoft Dynamics CRM Asynchronous Processing Service | NT AUTHORITY\NETWORK SERVICE |
| Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) services | NT AUTHORITY\NETWORK SERVICE |
| Microsoft Dynamics CRM Monitoring Service | NT AUTHORITY\NETWORK SERVICE |
| Microsoft Dynamics CRM VSS Writer service | NT AUTHORITY\NETWORK SERVICE |
*This post is locked for comments
All responses (
Answers (
17,304
