You can add only the DCs into the “Log on to” field (under the Account tab) of the user. This will prevent this service account from being used from other computers that are not listed in the “Log on to” field.
-Aakash Shah
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntsysadmin/00dadf80-1384-4e41-a6cf-1e4ba9df4378n%40googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/BN0P221MB0430816D3CEB6D35012EF724F2C42%40BN0P221MB0430.NAMP221.PROD.OUTLOOK.COM.
Charlie Sullivan
Principal Windows Systems Administrator
What is the service account doing that requires Domain Admin membership? Much of AD work can be delegated to a lower-level privilege, so would be curious on “the why” of the service account being a Domain Admin.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/BN0P221MB0430816D3CEB6D35012EF724F2C42%40BN0P221MB0430.NAMP221.PROD.OUTLOOK.COM.