Protected user and service account

SF-6505 516 Reputation points
2022-01-06T20:50:47.623+00:00

Hi,

What kind of issues will we have if we add a service account to the Protected Users group?

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | Other

Accepted answer
  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2022-01-06T21:02:06.603+00:00

    Hi,

    Below is Microsoft's recommendation:

    162905-im.png

    protected-users-security-group

    Please don't forget to mark helpful replies as answers.


1 additional answer

  1. Gary Reynolds 9,621 Reputation points
    2022-01-06T21:03:41.59+00:00

    Hi @SF-6505

    Have a look at this article, which contains details of the restrictions that will be applied to user objects that are added to the Protected Users group. https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group.

    The restriction that can cause the most issues, especially if the service account is used for an older application or service, is the removal of the ability to use NTLM to authenticate to domain controllers, which could cause the service to fail to start or run correctly.

    If you have a test environment, the best approach would be to test the change to understand the impacts on the service accounts. The plus point is that it's pretty simple to reverse the impacts by removing the service account from the Protected Users group.

    Gary.
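
One way to run the test suggested in the answer above, as an added example that is not part of the original thread: it checks whether a service account still authenticates with NTLM before it is added to Protected Users, and shows the rollback. The account name `svc-example` and the 7-day window are hypothetical, and the check assumes "Audit Credential Validation" is enabled so that domain controllers log event 4776.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT) and rights to
# read the Security log on the domain controllers.
Import-Module ActiveDirectory

$Account = 'svc-example'             # hypothetical service account name
$Since   = (Get-Date).AddDays(-7)    # assumed look-back window
$Group   = 'Protected Users'

# 1. Is the account already a member (directly or through nesting)?
$isMember = [bool](Get-ADGroupMember -Identity $Group -Recursive |
    Where-Object SamAccountName -eq $Account)
Write-Host "$Account member of '$Group': $isMember"

# 2. Collect NTLM credential validations (event 4776) for the account from
#    every DC. Event data order: PackageName, TargetUserName, Workstation, Status.
$ntlm = foreach ($dc in Get-ADDomainController -Filter *) {
    Get-WinEvent -ComputerName $dc.HostName -ErrorAction SilentlyContinue `
        -FilterHashtable @{ LogName = 'Security'; Id = 4776; StartTime = $Since } |
        Where-Object { $_.Properties[1].Value -eq $Account } |
        Select-Object TimeCreated,
            @{ n = 'DC';          e = { $dc.HostName } },
            @{ n = 'Workstation'; e = { $_.Properties[2].Value } }
}

# 3. Decide: NTLM in use means the service is likely to break once protected.
if ($ntlm) {
    $ntlm | Group-Object Workstation, DC | Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
    Write-Warning "$Account still uses NTLM; expect failures if it is added to '$Group'."
}
else {
    # No NTLM seen in the window. -WhatIf only previews the change;
    # drop it in the test environment to apply the change for real.
    Add-ADGroupMember -Identity $Group -Members $Account -WhatIf
}

# 4. Rollback, as described in the answer: remove the account from the group.
# Remove-ADGroupMember -Identity $Group -Members $Account -Confirm:$false
```

An empty result only covers the chosen window, so services that run monthly or on demand need a longer look-back before the change is trusted.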

