问题描述

有人知道我需要授予域用户帐户的最低权限是什么才能以该用户身份运行 Windows 服务吗?

Does anyone know what would be the minimum rights I would need to grant to a domain user account in order to run a windows service as that user?

为简单起见，假设服务除了启动、停止和写入应用程序"事件日志之外不执行任何操作 - 即没有网络访问、没有自定义事件日志等.

For simplicity, assume that the service does nothing over and above starting, stopping, and writing to the "Application" event log - i.e. no network access, no custom event logs etc.

我知道我可以使用内置的 Service 和 NetworkService 帐户，但由于网络政策的原因，我可能无法使用这些帐户.

I know I could use the built in Service and NetworkService accounts, but it's possible that I may not be able to use these due to network policies in place.

推荐答案

两种方式:

1. 编辑服务的属性并设置登录用户.将自动分配适当的权限.

1. Edit the properties of the service and set the Log On user. The appropriate right will be automatically assigned.

手动设置:转到管理工具 -> 本地安全策略 -> 本地策略 -> 用户权限分配.编辑作为服务登录"项并在其中添加您的域用户.

Set it manually: Go to Administrative Tools -> Local Security Policy -> Local Policies -> User Rights Assignment. Edit the item "Log on as a service" and add your domain user there.

这篇关于作为域帐户运行 Windows 服务所需的最低权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！