Comments on: Clever, very clever (but bad all the same) http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/ After much frustration, it seems DEFAULT is the way to go... Tue, 27 Jul 2010 11:20:51 +0000 hourly 1 http://wordpress.org/?v=3.0.1 By: CleverWorkarounds » Good advice hidden in the Infrastructure Update http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/comment-page-1/#comment-1325 CleverWorkarounds » Good advice hidden in the Infrastructure Update Sat, 19 Jul 2008 08:44:16 +0000 http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/#comment-1325 [...] For what it’s worth, I do not use the Network Service account either, as it is actually more risky than a low privileged domain or local user [...] [...] For what it’s worth, I do not use the Network Service account either, as it is actually more risky than a low privileged domain or local user [...]

]]> By: admin http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/comment-page-1/#comment-414 admin Thu, 24 Apr 2008 14:08:54 +0000 http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/#comment-414 Yes right Matt, hence why I suggested this is more a WSS3 issue than it is MOSS 2007. There is no good reason why farm, ssp or web app accounts should need to run sharing the credentials of other windows services. Yes right Matt, hence why I suggested this is more a WSS3 issue than it is MOSS 2007. There is no good reason why farm, ssp or web app accounts should need to run sharing the credentials of other windows services.

]]> By: Matt http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/comment-page-1/#comment-413 Matt Thu, 24 Apr 2008 12:02:32 +0000 http://www.cleverworkarounds.com/2008/04/21/clever-very-clever-but-bad-all-the-same/#comment-413 Very interesting and more than slightly alarming. Thanks for the information. If I'm reading this correctly, though, if a MOSS farm was built with best practices and using dedictaed "least privileged" service accounts (from an AD domain), that farm should not be in danger, correct? The highjacked service account would not be running more than one service... Right? I could be missing something... Thanks! Very interesting and more than slightly alarming. Thanks for the information.

If I’m reading this correctly, though, if a MOSS farm was built with best practices and using dedictaed “least privileged” service accounts (from an AD domain), that farm should not be in danger, correct? The highjacked service account would not be running more than one service… Right? I could be missing something… Thanks!

]]>