Using Minimal Administrative Accounts
This content is no longer actively maintained. It is provided as is, for anyone who may still be using these technologies, with no warranties or claims of accuracy with regard to the most recent product version or service release.
Using the minimum number of user accounts with full administrative control on the computer running Speech Server helps secure files and folders from unintentional user errors and attacks from malicious users. User rights are granted through the permissions in user security accounts and allow access to reading, writing, and executing files.
When Speech Server is installed on Microsoft Windows Server 2003, the setup wizard automatically configures the computer to provide a higher level of security. The wizard modifies the local security policy to give only members of the local Administrators group logon privileges for the computer. Speech Server is also configured to give only members of the local Administrators group permission to configure its settings and control the service. When Speech Server is deployed in a production environment, it should be installed on dedicated computers, not computers shared with other users or applications.
On a client operating system (such as Windows XP or Windows Vista), this security policy is relaxed somewhat to allow easier application development. Specifically, the local security policy is not adjusted and the service can be controlled (for example, started and stopped) by members of the Interactive Users group. It is possible to develop applications using a non-administrative account. However, some operations (such as debugging an application or deploying a new application), require Internet Information Services (IIS) control and can only be performed by a member of the Administrators group.
For more information about access control and its relationship to security, see Access Control.
See Also
Concepts
Accounts that Speech Server Uses