Questions tagged [service-account]
29 questions
11
votes
5 answers
UAC and Windows Services
A user has a PowerShell script that does some things that require administrative access on Windows Server 2012 with UAC enabled.
When they run the script as a Local Administrator, it fails with access denied. But if they elevate their permissions…
Paul Stovell
- 303
- 1
- 2
- 8
7
votes
2 answers
Should service accounts be set to never lock out
I have been in a discussion lately with our security team, and I want to get an answer from this group.
Currently our security policy states that domain accounts will lock out after 5 failed attempts. This goes for all domain accounts, including…
Brettski
- 521
- 3
- 8
- 14
7
votes
2 answers
Recover the password of a Windows service user login account
When setting up a Windows service, one specifies a user account to use for authentication, as well as the password for that user. In their guidelines for user account selection, Microsoft states that when using a domain user account,
Be aware that…
fuglede
- 173
- 1
- 1
- 4
5
votes
2 answers
Is there any point in passphrase-protecting an SSH private key that is used by a service account?
On my Linux machine (Alice), I am setting up a service account with an rsync cron job that will synchronise some files with a remote host (Bob). Obviously, I would want to make the rsync secure by using SSH with a keypair.
So my question is: is…
Kal
- 247
- 1
- 6
5
votes
2 answers
Does PCI-DSS password guidance apply to service accounts?
A service account is a user account created for the sole purpose of running an application. For example, an online banking web site may have a single service account under which the code runs.
Service accounts, like any other accounts, have…
John Wu
- 9,101
- 1
- 28
- 39
4
votes
2 answers
Is it safe to use virtual mobile numbers for verification
Is it safe to use virtual mobile numbers for account verification & authentication for services such as PayPal, Twitter, Gmail, Linkekdin, etc.? And what is the security drawback for this?
adscnet
- 41
- 2
3
votes
1 answer
Is running a Windows service as a (standard) user a risk?
I plan on creating a domain user account that will be able to log on as a service, but have only the minimum requirements for this service to function. of course this could be misconfigured, but assuming I don't add a user that has too many…
Tim
- 133
- 3
3
votes
2 answers
Time based event, console application on Windows Server -- security implications
I'm a software engineer, and I've written several discreet utilities that run at specific times on Windows Server 2008. Generally speaking, they are console applications, need to access SQL Server, are configured for trusted access and are running…
bigtech
- 133
- 2
2
votes
1 answer
How is password information stored and used on Android accounts?
How difficult would it be for someone who stole your device to gain access to the username and password information stored under the Settings -> More -> Accounts section of an Android device?
On Linux shadow passwords are stored as hashes but these…
John Higginstyne
- 41
- 4
2
votes
0 answers
Kerberos Constrained Delegation
I have 4 machines,
one machine with Domain Controller,
one machine with Analysis Services,
one machine with IIS Services,
one machine with the Application
The goal is to open the application and the user can be able to impersonated himself to the…
Stavros Koureas
- 133
- 5
2
votes
1 answer
Authentication for a batch script
It seems amazing that there is no industry accepted best practice for this problem yet (or maybe just one I'm not aware of):
What is the most secure way for a batch script, a program needing to connect to a resource (E.g. database) via a non user…
Rakkhi
- 5,783
- 1
- 23
- 47
1
vote
0 answers
Protect Specific Services on Client PC
I am not sure if I am asking in the correct location for this, but will ask in the hopes you assist. I want to be able to lock certain services from being restarted/stopped/ended. I know most Anti-Virus and Firewall Clients protect their own…
DankyNanky
- 127
- 1
- 7
1
vote
2 answers
is this secure: email account that can only be accessed by sending and receiving emails within gmail
i am creating a game of sorts where you use and earn credits to accomplish tasks. I am curious if you can effectively use gmail's security features to secure these submissions if the emails are all in one of the major "safe" ESPs - that use SPF and…
Michael Holt
- 11
- 1
1
vote
1 answer
How does IIS persist identity credentials? Does it create any security issues?
We want to implement a feature similar to IIS in how it remembers user configured usernames and passwords. As I understand it, when you configure IIS to use a set of credentials for an app pool identity and run under the context of that identity…
ZijingWu
- 111
- 3
1
vote
1 answer
Amazon S3 policies: CORS or Service Accounts?
I have a question about accessing buckets on AWS S3. Let's suppose we have a bucket that has to have public read access by everyone and only my API has to be able to PUT and DELETE items from bucket. To
restrict the access, take a look at these two…
Vivi
- 69
- 4