Hi,
which kind of issue if we add a service account to protected users group ?
Hi,
which kind of issue if we add a service account to protected users group ?
Hi,
Below Microsoft recommendation :

protected-users-security-group
please don't forget to mark helpful reply as answer
Hi @SF-6505
Have a look at this article which contains details of the restriction that will be applied to user objects that are added to the Protected Users Group. https://docs.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/protected-users-security-group.
The restriction that can cause the most issues, especially if the service account is used for older application\service, is the removal of the ability to use NTLM to authentication to domain controllers, which could cause the service to fail to start or run correctly.
If you have a test environment, to best approach would be to test the change to understand the impacts on the service accounts. The plus point is that it's pretty simple to reverse the impacts by removing the service account from the Protected Users Group.
Gary.
17 people are following this question.
Active Directory Search Options grayed out when adding permissions / new member
Windows 10 20H2 and Server Essentials 2016 (1607) GPO no longer applying
Delete Domain admins from local administrators group on member server
Need to know which ports to open in firewall for changing ad users passwords .