Recommended service logon account level for a JTS running on WAS as a service on Windows Server 2012
Hello,
We have currently installed a Websphere application server (V9) running as a service on a Windows Server 2012. Jazz Team Server (6.0.4) is installed on the WAS.
I would like to know the recommended service logon account level to be used to run the WAS as a Windows Service.
Currently, we have configured a domain user account as an Administrator on the Windows server and is using this account to run the WAS as a service. This procedure is detailed out in https://www.ibm.com/developerworks/websphere/techjournal/1010_supauth/1010_supauth.html.
Now, as per Microsoft's recommendation, this is not the correct practice. (https://docs.microsoft.com/en-us/windows/desktop/ad/domain-user-accounts). The domain user account ideally should not be given an admin privilege and this is similar to running the service as a Local System Account itself with very high privileges.
To summarize, my question would be: Can we run WAS (and JTS and other CLM applications) as a service under a domain user account, who is configured as a non-administrator on a Windows Server?
Also, If yes, is this a recommended practice (running WAS as a non-admin domain user) or is the IBM recommendation to run the service as a local system account/domain user account with admin privileges?
Regards
Deepak