Service Accounts
Purpose
Service accounts are used for applications, scheduled tasks and services that require domain authentication.
Naming
| Type | Format | Example |
|---|---|---|
| Standard service account | `svc-<service>` | `svc-backup` |
| Application service account | `svc-app-<name>` | `svc-app-monitoring` |
| Managed service account | `gmsa-<service>` | `gmsa-webapp` |
Rules
- Use Group Managed Service Accounts where possible.
- Do not use personal admin accounts for services.
- Do not use Domain Admin credentials for services.
- Document purpose, owner and rotation requirements.
- Apply least privilege.
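
The naming table and rules above can be checked mechanically against an account inventory. The PowerShell below is an added example, not part of the original page. The record fields, the `Owner` field in particular, the allowed character set for `<service>` and `<name>`, and the sample records are assumptions made for illustration; rotation requirements are not checked.

```powershell
# Added example. Record fields (Name, ObjectClass, MemberOf, Description, Owner)
# and the character set allowed in <service>/<name> are assumptions.
function Test-ServiceAccountPolicy {
    param([Parameter(Mandatory)] [object[]] $Account)

    $token    = '[a-z0-9]+(-[a-z0-9]+)*'              # assumed character set
    $namePat  = '^(svc-app|svc|gmsa)-{0}$' -f $token  # formats from the Naming table
    $gmsaType = 'msDS-GroupManagedServiceAccount'     # AD object class of a gMSA

    foreach ($a in $Account) {
        $findings = @()

        if ($a.Name -cnotmatch $namePat) {
            $findings += 'name does not match a documented format'
        }
        # The gmsa- prefix and the gMSA object class must go together.
        if (($a.Name -clike 'gmsa-*') -ne ($a.ObjectClass -eq $gmsaType)) {
            $findings += 'prefix and account type disagree'
        }
        # Direct membership only; nested groups need a recursive lookup.
        if ($a.MemberOf -match '^CN=Domain Admins,') {
            $findings += 'member of Domain Admins'
        }
        if ([string]::IsNullOrWhiteSpace($a.Description)) { $findings += 'purpose not documented' }
        if ([string]::IsNullOrWhiteSpace($a.Owner))       { $findings += 'owner not documented' }

        [pscustomobject]@{
            Name      = $a.Name
            Compliant = ($findings.Count -eq 0)
            Findings  = $findings -join '; '
        }
    }
}

# Constructed sample inventory (not real accounts).
$sample = @(
    [pscustomobject]@{ Name = 'gmsa-webapp'; ObjectClass = 'msDS-GroupManagedServiceAccount'
                       MemberOf = @(); Description = 'Web app pool identity'; Owner = 'web-team' }
    [pscustomobject]@{ Name = 'svc-backup'; ObjectClass = 'user'
                       MemberOf = @('CN=Domain Admins,CN=Users,DC=example,DC=test')
                       Description = 'Nightly backup job'; Owner = 'infra-team' }
    [pscustomobject]@{ Name = 'jsmith-admin'; ObjectClass = 'user'
                       MemberOf = @(); Description = ''; Owner = '' }
)
Test-ServiceAccountPolicy -Account $sample | Format-Table -AutoSize
```

In a live domain the records would be built from directory queries such as `Get-ADUser` and `Get-ADServiceAccount` instead of the constructed sample.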
Initial accounts
No service accounts are required in Phase 1 unless a specific service needs them.