how to setup an administrative user for scheduled jobs?

Archived from groups: microsoft.public.win2000.security (More info?)

I would like to create one account used to schedule administrative jobs on
servers.
Tipical jobs will be backup, log and temp files clean up. No network access
will be necessary.
In which group should I put this user? Which user rights can I remove?
How can I prevent any access to the server's console using this account?

Thanks in advance.
1 answer Last reply
More about setup administrative user scheduled jobs
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    You might try server operators group. You might even be able to use a
    regular user account if that user has the proper ntfs permissions to the
    logs and files it needs to clean up though a regular user can not clear the
    security log if you have that in mind unless that account has the user right
    to mange audit and security logs. User rights that you may want to assign to
    the user to accomplish the job could be right to manage audit and security
    logs, logon as batch job, and backup files and directories. Enabling
    auditing of privilege use for failure could help determine if the account
    needs any additional user rights to do it's job that it can not currently
    do.

    You can also configure the user rights for logon locally, deny logon
    locally, access this computer from the network, and deny access to this
    computer from the network to restrict what user accounts can access. Keep in
    mind that the lack of a user right is an implicit deny and that deny user
    rights override allow user rights. Refer to the Windows 2000 Security Guide
    for more specifics on user rights and built in groups as shown in the links
    below. The whole guide can be downloaded for free.--- Steve

    http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/appxb.mspx
    http://www.microsoft.com/technet/security/prodtech/windows2000/win2khg/05sconfg.mspx


    "hernia" <hernia@discussions.microsoft.com> wrote in message
    news:E0642A86-2A97-41FE-B3A9-5A295E9987CA@microsoft.com...
    >I would like to create one account used to schedule administrative jobs on
    > servers.
    > Tipical jobs will be backup, log and temp files clean up. No network
    > access
    > will be necessary.
    > In which group should I put this user? Which user rights can I remove?
    > How can I prevent any access to the server's console using this account?
    >
    > Thanks in advance.
    >
Ask a new question

Read More

Job Market Servers Windows