No announcement yet.

Managed Service Account Network Access

  • Filter
  • Time
  • Show
Clear All
new posts

  • Managed Service Account Network Access

    I have deployed Managed Service Accounts to run services, now, I want to know if they can be used to access network file shares?

    I am working in a Windows 2008R2 domain, and am wanting a Managed Service Account to "Connect as" in a virtual directory within IIS 7.5. I know this will work for the "Application Pool," so I read..., but what about virtual directories?

    ~I have the MSA setup in AD, installed on the web server.
    ~The target file share on another 2008r2 server has the appropriate permissions (including the MSA), and the effective permissions look good.
    ~The virtual directory and it's physical path set.
    ~Connect as - domain\msa****$
    ~Test settings -----> Fail

    Am I trying to accomplish something it is not intended to do?

    Thank you,

    Attached Files

  • #2
    Re: Managed Service Account Network Access

    Is your MSA included in Group Policy under the rule 'Log on as a service account'? What groups is the MSA a member of (Domain Users, Domain Admins, etc.)? If the server doesn't recognize the MSA with authority to connect to a resource interactively, that's what's failing for you. You don't need to be able to log onto the PC/server under that MSA username/password, but the MSA has to be granted some authority to access the resources.
    MSCA (2003/XP), Security+, CCNA

    ** Remember: credit where credit is due, and reputation points as appropriate **


    • #3
      Re: Managed Service Account Network Access

      Thank you, I will give this a look over this weekend when I can test in non-production time. That is my limitation now.