Remove Network Authentication for Windows Virtual Service Accounts
Hi,
We have created a Windows service and we are using the virtual service account (https://learn.microsoft.com/en-us/windows/security/identity-protection/access-control/service-accounts#bkmk-virtualserviceaccounts) to run the service. From the documentation, we understand that in a domain environment, if the service account tries to access any Windows remote resource, for example an SMB share, it will use the machine account credentials (COMPUTERNAME$), similar to the way NETWORK SERVICE account works. We would like to disable this option as an additional hardening step, since we don't really need this, so it will work like the LOCAL SERVICE account in this scenario (but we don't want to use LOCAL SERVICE since it's a shared account).
Is this possible?
Links to additional documentation will also be appreciated.
Thanks,
Gabriel