I'm trying to create a locked-down file-moving system on our AD network. I want to do the following:
- Create a service application that will run on Server A. It should have little or no privileges on Server A. Nothing else on Server A should have any permissions on the other shares listed below.
- It will read a share on Server B. It should have permissions to read and delete from that share. (Nothing else on the network will/can have delete permission on that share.) It should have no other permissions on Server B.
- It will write to a share on Server C. It will need permissions to read from and write to that share (not to modify or delete). (Nothing else on the network can/will have write permission on that share.) It should have no other permissions on Server C.
- In logs on the respective machines, actions the service takes should show up in a way that's directly attributable to that service. No anonymous or 'NT_Authority' logs that aren't clearly from that service. Our auditors go nuts when they see anonymous and non-descript access.
So what account do I install that service under? Local system and local service seem to clearly be out. 'NetworkService' seems to have quite a lot of Greek in the description - not recognized by the local security subsystem? Presents the computer's credentials to remote servers? Everything I read about NetworkService says the same phrases, without defining them, but searches for those phrases mostly come back to descriptions of NetworkService. And what's to prevent someone installing four other different services on that same server (A) so that all four services then have inappropriate access to these shares?
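The permission model from the bullets above, as an added example that is not part of the original post and does not settle the account question: it assumes a dedicated domain account CONTOSO\svc-filemover (hypothetical) and placeholder share names and paths, and applies the NTFS and share ACEs plus the SACL entries that make each access appear under that account's own name in the file server's Security log.

```powershell
# Added example, not from the original post. Assumes a dedicated domain account,
# CONTOSO\svc-filemover (hypothetical); share names and paths are placeholders.
# Run elevated on the server hosting the share: Get-Acl -Audit / Set-Acl on a SACL need SeSecurityPrivilege.
using namespace System.Security.AccessControl

$Account = 'CONTOSO\svc-filemover'   # hypothetical service account; nothing else gets these ACEs

function Grant-ServiceFolderAccess {
    param([string]$Path, [string]$Account, [FileSystemRights]$Rights, [switch]$FolderOnly)
    # FolderOnly: the ACE applies to the folder itself and is not inherited by files inside it.
    $inherit = if ($FolderOnly) { [InheritanceFlags]::None } else { [InheritanceFlags]'ContainerInherit, ObjectInherit' }
    $acl = Get-Acl -Path $Path -Audit
    # DACL: exactly the listed rights, no Modify and no FullControl.
    $acl.AddAccessRule([FileSystemAccessRule]::new($Account, $Rights, $inherit,
        [PropagationFlags]::None, [AccessControlType]::Allow))
    # SACL: every success and failure by this account is logged (event 4663) with its name as Subject.
    $acl.AddAuditRule([FileSystemAuditRule]::new($Account, $Rights, $inherit,
        [PropagationFlags]::None, [AuditFlags]'Success, Failure'))
    Set-Acl -Path $Path -AclObject $acl
}

# Lists every ACE on a folder that names the account, for reviewing the result.
function Get-ServiceFolderAccess {
    param([string]$Path, [string]$Account)
    (Get-Acl -Path $Path).Access | Where-Object { $_.IdentityReference -eq $Account } |
        Select-Object IdentityReference, FileSystemRights, InheritanceFlags, AccessControlType
}

# --- Run on Server B: read and delete, nothing else ---------------------------
Grant-ServiceFolderAccess -Path 'D:\Inbound' -Account $Account -Rights ([FileSystemRights]'Read, Delete')
Grant-SmbShareAccess -Name 'Inbound' -AccountName $Account -AccessRight Change -Force   # share level; the NTFS ACE is the narrower gate

# --- Run on Server C: read, plus create new files, but never modify or delete existing ones ---
# 'Write' includes WriteData, which would let the account overwrite existing files, so the
# write right is granted as CreateFiles on the folder only: it may add files, but inherits no
# write right on files already there. Also remove any inheritable CREATOR OWNER ACE from the
# folder, or the account gets Full Control over every file it creates.
Grant-ServiceFolderAccess -Path 'E:\Outbound' -Account $Account -Rights ([FileSystemRights]::Read)
Grant-ServiceFolderAccess -Path 'E:\Outbound' -Account $Account -Rights ([FileSystemRights]::CreateFiles) -FolderOnly
Grant-SmbShareAccess -Name 'Outbound' -AccountName $Account -AccessRight Change -Force

# The SACL is silent unless object-access auditing is enabled on the server.
auditpol /set /subcategory:"File System" /success:enable /failure:enable

Get-ServiceFolderAccess -Path 'D:\Inbound' -Account $Account
```

Because the audited events name the account in their Subject fields, the Security log entries on B and C are attributable to the service rather than to an anonymous or computer identity; the share-level Change right is deliberately broader than the NTFS ACE, since the effective permission is the intersection of the two.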