This procedure creates the Windows-based Hosting service account and sets its group memberships.
Arguments
Input argument | Description | Required
---|---|---
<preferredDomainController> | The domain controller to use for Active Directory actions. Required input. For example, | Yes
<name> | The name of the Windows-based Hosting Service group. Optional input. This overrides the default name Windows-based Hosting Service Accounts. For example, | No
Sample Code
Example XML Request
```xml
<request xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <data>
  </data>
  <procedure>
    <execute namespace="Deployment Automation" procedure="InitializeServiceAccountSecurity" impersonate="1">
      <executeData>
        <preferredDomainController>ad01.fabrikam.com</preferredDomainController>
      </executeData>
      <after source="executeData" destination="data" />
    </execute>
  </procedure>
</request>
```
Manual Procedures
The InitializeServiceAccountSecurity procedure automatically performs the following manual steps:
Procedure 1: To remove Authenticated Users from the Pre-Windows 2000 Compatible Access security group
- Log on to AD01 using an account that is a member of the Domain Administrators group.
- Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Expand fabrikam.com, and then select Builtin.
- In the right pane, right-click the Pre-Windows 2000 Compatible Access security group, and then click Properties.
- Click the Members tab.
- Select Authenticated Users, click Remove, and then click Yes in the message box.
- Click OK to close the Properties dialog box.
Procedure 2: To configure the Windows-based Hosting Service Accounts group
- Log on to AD01 using an account that is a member of the Domain Administrators group.
- Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Expand fabrikam.com, and then select Users.
- Right-click Users, click New, and then click Group.
- In the Group name box, type Windows-based Hosting Service Accounts, and then click OK.
Procedure 3: To configure permissions for the Windows-based Hosting Service Accounts group
- Log on to AD01 using an account that is a member of the Domain Administrators group.
- Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Click View on the main menu, and then click Advanced Features.
- Right-click fabrikam.com, and then click Properties.
- Click the Security tab.
- Click Add, type Windows-based Hosting Service Accounts, and then click Check Names. Verify that Windows-based Hosting Service Accounts is underlined, and then click OK.
- Verify that the Allow check box is selected next to the Read permission, and then click Advanced.
- In the Permissions entries field, select the Windows-based Hosting Service Accounts group, and then click Edit.
- In the Apply onto drop-down box, select This object and all child objects, and then click OK.
- Click OK to close the Advanced Properties dialog box.
- Click OK to close the Properties dialog box.
Procedure 4: To configure permissions for the Domain Computers group in Active Directory
- Log on to AD01 using an account that is a member of the Domain Administrators group.
- Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Expand fabrikam.com, select Builtin, right-click the Pre-Windows 2000 Compatible Access group, and then click Properties.
- Click the Members tab, and then click Add.
- Type Domain Computers, and then click Check Names. Verify that Domain Computers is underlined, and then click OK.
- Click OK to close the Properties dialog box.
Procedure 5: To configure permissions for the Pre-Windows 2000 Compatible Access group on the Servers OU in Active Directory
- Log on to AD01 using an account that is a member of the Domain Administrators group.
- Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
- Expand fabrikam.com, right-click the Servers OU, and then select Properties.
- Select the Security tab.
- In Group or user names, select Pre-Windows 2000 Compatible Access.
  Note: If the Pre-Windows 2000 Compatible Access group is not present in the list, click Add, and then type Pre-Windows 2000 Compatible Access. Click Check Names, and then click OK.
- In the Permissions list, under Read, select Allow, and then click OK.
- For the servers to receive this new security token, you must restart all servers in the environment.
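
A read-only check of the group state that Procedures 1, 2 and 4 should leave behind, added here as an example and not part of the original documentation. It assumes the RSAT ActiveDirectory PowerShell module and uses the page's sample names (ad01.fabrikam.com and the default group name); the variable names are illustrative.

```powershell
# Added example: read-only audit, makes no changes to the directory.
# Assumes the RSAT ActiveDirectory module; server and group names are the page's samples.
Import-Module ActiveDirectory

$Server       = 'ad01.fabrikam.com'                       # preferredDomainController in the sample request
$ServiceGroup = 'Windows-based Hosting Service Accounts'  # default name; change if <name> was supplied

# Well-known SIDs avoid depending on localized display names.
$PreW2kSid          = 'S-1-5-32-554'   # BUILTIN\Pre-Windows 2000 Compatible Access
$AuthUsersSid       = 'S-1-5-11'       # NT AUTHORITY\Authenticated Users
$DomainComputersSid = '{0}-515' -f (Get-ADDomain -Server $Server).DomainSID.Value

# Read the raw member attribute and resolve each DN to a SID. Authenticated Users
# is stored as a foreign security principal, so matching on SID is the reliable test.
$preW2k = Get-ADGroup -Identity $PreW2kSid -Server $Server -Properties member
$memberSids = @(foreach ($dn in $preW2k.member) {
    (Get-ADObject -Identity $dn -Server $Server -Properties objectSid).objectSid.Value
})

$results = @(
    [pscustomobject]@{
        Check = 'Procedure 1: Authenticated Users removed from Pre-Windows 2000 Compatible Access'
        Pass  = $memberSids -notcontains $AuthUsersSid
    }
    [pscustomobject]@{
        Check = "Procedure 2: group '$ServiceGroup' exists"
        Pass  = [bool](Get-ADGroup -Filter "Name -eq '$ServiceGroup'" -Server $Server)
    }
    [pscustomobject]@{
        Check = 'Procedure 4: Domain Computers is a member of Pre-Windows 2000 Compatible Access'
        Pass  = $memberSids -contains $DomainComputersSid
    }
)

$results | Format-Table -AutoSize -Wrap
if ($results.Pass -contains $false) { exit 1 }   # non-zero exit for use in scheduled checks
```

The ACL changes from Procedures 3 and 5 are not covered by this check and still need to be reviewed on the Security tab of the domain and the Servers OU.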