web
You’re offline. This is a read only version of the page.
close
Skip to main content

Notifications

Announcements

No record found.

News and Announcements icon
Community site session details

Community site session details

Session Id :
Dynamics 365 Community / Forums / Microsoft Dynamics CRM (Archived) / CRM Service Accounts S...
Microsoft Dynamics CRM (Archived)

CRM Service Accounts Security Question (Network Service vs Domain accounts)

(0) ShareShare
ReportReport
Posted on by MICHAEL KATSEV

I have been reading and re-reading the CRM Deployment guide where it discusses how to set up the accounts that will run various CRM services.

"When you specify an identity to run a Microsoft Dynamics CRM service, you can choose either a domain user account or the Network Service account.

If the service interacts with network services, accesses domain resources like file shares or if it uses linked server connections to other computers, you can use a minimally-privileged domain account. Many server-to-server activities can be performed only with a domain user account and can provide the most secure option. This account should be pre-created by domain administration in your environment."

Is running the services under Network Service (in multi-server environment, CRM cluster, SQLAlwaysOn) totally insecure? Are the chances of hijacking a user account are less than hijacking Network Service Account?

If anything, is there a service that is 'strongly recommended' to run as a Domain Account?

Thanks in advance

Microsoft Dynamics CRM Sandbox Processing Service NT AUTHORITY\NETWORK SERVICE
Microsoft Dynamics CRM Asynchronous Processing Service NT AUTHORITY\NETWORK SERVICE
Microsoft Dynamics CRM Asynchronous Processing Service (maintenance) services NT AUTHORITY\NETWORK SERVICE
Microsoft Dynamics CRM Monitoring Service NT AUTHORITY\NETWORK SERVICE
Microsoft Dynamics CRM VSS Writer service NT AUTHORITY\NETWORK SERVICE

*This post is locked for comments

I have the same question (0)
  • Suggested answer
    razdynamics Profile Picture
    razdynamics 17,308 User Group Leader on at

    Hi NYC,

    It is Best Practice and Highly recommend that you specify separate domain user accounts for these application pools instead of using the Network Service account and no other ASP.NET-connected application be installed under these application pools.You should really be setting up dedicated service accounts with the corresponding privileges, technet.microsoft.com/.../hh699825.aspx

    Also see;

    technet.microsoft.com/.../hh699761.aspx

    Best Wishes, Raz

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

Responsible AI policies

As AI tools become more common, we’re introducing a Responsible AI Use…

Neeraj Kumar – Community Spotlight

We are honored to recognize Neeraj Kumar as our Community Spotlight honoree for…

Congratulations to the November Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > 🔒一 Microsoft Dynamics CRM (Archived)

#1
SA-08121319-0 Profile Picture

SA-08121319-0 4

#1
Calum MacFarlane Profile Picture

Calum MacFarlane 4

#3
Alex Fun Wei Jie Profile Picture

Alex Fun Wei Jie 2

Last 30 days Overall leaderboard

Featured topics

Product updates

Dynamics 365 release plans