Securing Service Accounts
During Commerce Server Setup, in the Services Account dialog box, you specify the Windows user name and password for the following Commerce Server services:
- List Manager
- Direct Mailer
- Event Logging. This service requires the account be a local administrator.
Setup automatically grants these Windows accounts the Log On as a Service right. Setup does not permit you to set up these services to use the Local System account. Although it is possible to do this manually after Setup, it is not recommended because doing so might give the services more permissions than they need.
In the same dialog box, you specify an account under which Event Logging will be performed. This last account is used in the Commerce Event Logging COM+ package that is created by Setup. For information about this account, see Important Security Notes.
After you have installed Commerce Server 2002 Service Pack 1, you can set access security on the Commerce Server List Manager service, Direct Mailer service, and the Predictor service using Dcomcnfg.exe.
This procedure only applies to Commerce Server 2002 Service Pack 1. It is particularly important to run Dcomcnfg.exe if you are using opt-out lists.
For information about how to run Dcomcnfg.exe, see the Microsoft Knowledge Based article number Q328522, available at http://go.microsoft.com/fwlink/?LinkId=9666.
This section contains: