It's all about the answers!

Ask a question

Recommended service logon account level for a JTS running on WAS as a service on Windows Server 2012


Deepak Paul John (26) | asked Feb 18 '19, 3:10 a.m.
Hello,

We have currently installed a Websphere application server (V9) running as a service on a Windows Server 2012. Jazz Team Server (6.0.4) is installed on the WAS.

I would like to know the recommended service logon account level to be used to run the WAS as a Windows Service.

Currently, we have configured a domain user account as an Administrator on the Windows server and is using this account to run the WAS as a service. This procedure is detailed out in https://www.ibm.com/developerworks/websphere/techjournal/1010_supauth/1010_supauth.html.

Now, as per Microsoft's recommendation, this is not the correct practice. (https://docs.microsoft.com/en-us/windows/desktop/ad/domain-user-accounts). The domain user account ideally should not be given an admin privilege and this is similar to running the service as a Local System Account itself with very high privileges.

To summarize, my question would be: Can we run WAS (and JTS and other CLM applications) as a service under a domain user account, who is configured as a non-administrator on a Windows Server?
Also, If yes, is this a recommended practice (running WAS as a non-admin domain user) or is the IBM recommendation to run the service as a local system account/domain user account with admin privileges?

Regards
Deepak

Be the first one to answer this question!


Register or to post your answer.