service account

Definition of service account in The Network Encyclopedia.

What is a Service Account?

A Microsoft Windows NT or Windows 2000 user account that an application uses as a security context in which to run services. Service accounts are used by products such as Microsoft Exchange Server, Microsoft SQL Server, Microsoft Systems Management Server, and Microsoft SNA Server.

To illustrate a service account, let’s consider the Exchange service account in Exchange Server 5.5. All Exchange servers in a given Exchange site must use the same service account. The servers use the service account to determine which other Exchange servers are part of the same site and have the right to use the messaging services on the server.

You should create the Exchange service account before you install the first Exchange server in a site. You can give it any name. You should not use it as an account for a user to log on to the network; instead, reserve it for use by Exchange and assign it a complex password for security reasons. Specify the service account during the installation process, and grant it the Service Account Admin role on the site object and its Configuration container within the Exchange Administrator directory hierarchy.

The Exchange service account is also granted the following system rights:

  • Act as part of the operating system
  • Log on as a service
  • Restore files and directories

You can change the password for an Exchange Server 5.5 service account in two places: the configuration container for the site object in the Exchange directory hierarchy (using the Exchange Administrator program) and in the Security Account Manager (SAM) database (using the administrative tool User Manager for Domains in Windows NT 4.0 or Computer Management in Windows 2000).