How to set up an administrative user for scheduled jobs?

Anonymous
April 29, 2005 11:40:07 AM

Archived from groups: microsoft.public.win2000.security

I would like to create one account used to schedule administrative jobs on
servers.
Typical jobs will be backup, log and temp files clean up. No network access
will be necessary.
In which group should I put this user? Which user rights can I remove?
How can I prevent any access to the server's console using this account?

Thanks in advance.
Anonymous
April 30, 2005 4:58:16 PM

You might try the Server Operators group. You might even be able to use a
regular user account if that user has the proper NTFS permissions to the
logs and files it needs to clean up, though a regular user cannot clear the
security log, if you have that in mind, unless that account has the user right
to manage audit and security logs. User rights that you may want to assign to
the user to accomplish the job could be the right to manage audit and security
logs, log on as a batch job, and back up files and directories. Enabling
auditing of privilege use for failure could help determine if the account
needs any additional user rights to do its job that it cannot currently
do.

You can also configure the user rights for logon locally, deny logon
locally, access this computer from the network, and deny access to this
computer from the network to restrict what user accounts can access. Keep in
mind that the lack of a user right is an implicit deny and that deny user
rights override allow user rights. Refer to the Windows 2000 Security Guide
for more specifics on user rights and built-in groups as shown in the links
below. The whole guide can be downloaded for free.

--- Steve

http://www.microsoft.com/technet/security/prodtech/wind...
http://www.microsoft.com/technet/security/prodtech/wind...


"hernia" <hernia@discussions.microsoft.com> wrote in message
news:E0642A86-2A97-41FE-B3A9-5A295E9987CA@microsoft.com...
> I would like to create one account used to schedule administrative jobs on
> servers.
> Typical jobs will be backup, log and temp files clean up. No network
> access will be necessary.
> In which group should I put this user? Which user rights can I remove?
> How can I prevent any access to the server's console using this account?
>
> Thanks in advance.
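One way to check the rights discussed in the reply above, as an added example that is not part of the original posts: a script that reads the `[Privilege Rights]` section of a `secedit /export` template and evaluates the implicit-deny and deny-overrides-allow rules for the job account. The account name `svc_sched`, its group memberships, and the sample template are constructed for illustration.

```python
# Added example: audit the user rights of a scheduled-job account from a
# `secedit /export` template. Account and group names are hypothetical.

# Constructed sample; real exports often list principals as *S-1-5-... SIDs.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBatchLogonRight = svc_sched
SeBackupPrivilege = Administrators,Backup Operators,svc_sched
SeSecurityPrivilege = Administrators
SeInteractiveLogonRight = Administrators,Users
SeDenyInteractiveLogonRight = svc_sched
SeNetworkLogonRight = Everyone
"""

# Rights the reply suggests for the job, and the allow/deny logon right pairs.
WANTED = {"SeBatchLogonRight", "SeBackupPrivilege", "SeSecurityPrivilege"}
LOGON = {"console": ("SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"),
         "network": ("SeNetworkLogonRight", "SeDenyNetworkLogonRight")}

def parse_rights(text):
    """Return {right: set of lower-cased principals} from [Privilege Rights]."""
    rights, in_section = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, members = line.partition("=")
            rights[name.strip()] = {m.strip().lstrip("*").lower()
                                    for m in members.split(",") if m.strip()}
    return rights

def audit(text, principals):
    """principals: the account plus every group it belongs to."""
    who = {p.lower() for p in principals}
    rights = parse_rights(text)
    held = lambda r: bool(who & rights.get(r, set()))
    report = {"missing": sorted(r for r in WANTED if not held(r))}
    for label, (allow, deny) in LOGON.items():
        # No allow entry is an implicit deny; a deny entry overrides any allow.
        report[label] = held(allow) and not held(deny)
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_INF, ["svc_sched", "Users", "Everyone"]))
```

In the sample, console logon is blocked by the explicit deny even though `Users` is allowed, while network logon is still possible through `Everyone` because no deny entry exists for it.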