16.1 Creating a Network Service Account and Assigning Permissions

A service account is a user account that is created explicitly to provide a security context for services running on Microsoft Windows Server 2003. The application pools use service accounts to assign permissions to Web sites and applications running on Internet Information Services (IIS). You can manage service accounts individually to determine the level of access for each application pool in a distributed environment.

Creating a Network Service Account enables the ADAM instance. To create a Network Service Account:

  1. Click Start > All Programs > Administrative Tools > Active Directory Users and Computers. The Active Directory Users and Computers page is displayed.

  2. Select View > Advanced Features. The Advanced Features option is enabled by default.

  3. Select the Domain Controllers folder and locate the Domain Controller of your single sign-on enabled domain.

  4. Right-click the Domain Controller and select Properties. The [Domain] Properties page is displayed.

  5. Select the Security tab.

    If the Network Service account is not on the list of Group or user names, add it.

  6. Select the Network Service account.

  7. In the Permissions for Administrators section, select Allow to Create All Child Objects.

  8. In the Permissions for Administrators section, select Allow to Delete All Child Objects.

    NOTE: Selecting Delete All Child Objects has no effect for Novell SecureLogin, but allows the ADAM instance to be cleaned properly when it is uninstalled.

  9. Click OK to close the [Domain] Properties dialog box.
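
To confirm the result of the steps above without reopening the dialog, the following added example (not part of the original documentation or of Novell SecureLogin) reads the explicit ACEs on the Domain Controller object and reports which rights the Network Service account holds over all child objects. It assumes Windows PowerShell 3.0 or later on a domain-joined machine with read access to the object; the function name and the distinguished name in the usage comment are constructed placeholders.

```powershell
# Added example: read-only audit of NETWORK SERVICE rights on a DC object.
# Hypothetical function name; it does not modify the directory.
function Get-NetworkServiceChildRights {
    param(
        [Parameter(Mandatory = $true)]
        [string]$DcDn   # distinguished name of the Domain Controller object
    )

    Add-Type -AssemblyName System.DirectoryServices
    $Rights = [System.DirectoryServices.ActiveDirectoryRights]
    # Rights set in steps 7 and 8: Create All Child Objects, Delete All Child Objects.
    $wanted = [int]($Rights::CreateChild) -bor [int]($Rights::DeleteChild)

    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DcDn")
    try {
        # Explicit (non-inherited) ACEs only, with trustees returned as SIDs.
        $rules = $entry.psbase.ObjectSecurity.GetAccessRules(
            $true, $false, [System.Security.Principal.SecurityIdentifier])

        $granted = 0
        foreach ($ace in $rules) {
            # S-1-5-20 is the well-known SID of NT AUTHORITY\NETWORK SERVICE.
            if ($ace.IdentityReference.Value -ne 'S-1-5-20') { continue }
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # An all-zero ObjectType means the ACE covers every child object class.
            if ($ace.ObjectType -ne [Guid]::Empty) { continue }
            $granted = $granted -bor [int]($ace.ActiveDirectoryRights)
        }
    }
    finally {
        $entry.psbase.Dispose()
    }

    [pscustomobject]@{
        Object  = $DcDn
        Granted = [System.DirectoryServices.ActiveDirectoryRights]$granted
        # Rights from steps 7 and 8 that are not present yet (0 = none missing).
        Missing = [System.DirectoryServices.ActiveDirectoryRights]($wanted -band (-bnot $granted))
        # Anything beyond the two rights this procedure asks for (0 = nothing extra).
        Extra   = [System.DirectoryServices.ActiveDirectoryRights]($granted -band (-bnot $wanted))
    }
}

# Usage (constructed DN, replace with your own):
# Get-NetworkServiceChildRights -DcDn 'CN=DC01,OU=Domain Controllers,DC=example,DC=com' | Format-List
```

A `Missing` value of 0 means both permissions from steps 7 and 8 are in place; a non-zero `Extra` value means the account holds more on this object than the procedure requires.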