5.3 Assign Permissions to a Network Service Account

A service account is a user account that is created explicitly to provide a security context for services running on Microsoft* Windows Server 2003. Application pools use service accounts to assign permissions to Web sites and applications running on Internet Information Services (IIS). Administrators can manage service accounts individually to determine the level of access for each application pool in a distributed environment.

Creating a Network Service Account enables the ADAM instance.

To create a Network Service Account:

  1. Click Start > All Programs > Administrative Tools > Active Directory Users and Computers. The Active Directory Users and Computers page is displayed.

  2. Select View > Advanced Features. The Advanced Features option is enabled.

  3. Select the Domain Controllers folder and locate the Domain Controller of your SSO-enabled domain.

  4. Right-click the Domain Controller and select Properties. The [Domain] Properties page is displayed.

  5. Select the Security tab. If the Network Service account is not on the list of Group or user names, add it.

  6. Select the Network Service account.

  7. In the Permissions for Administrators section, select Allow for Create All Child Objects.

  8. In the Permissions for Administrators section, select Allow for Delete All Child Objects.

    NOTE: Selecting Delete All Child Objects has no effect for SecureLogin, but allows the ADAM instance to be cleaned properly when it is uninstalled.

  9. Click OK to close the [Domain] Properties dialog box.
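
The following PowerShell function is an added example, not part of the product documentation. It checks whether the Domain Controller object already carries the two permissions from steps 7 and 8 for Network Service, and grants them only when called with -Grant. It assumes PowerShell 2.0 or later on a domain-joined administrative host; the function name and the distinguished name are hypothetical placeholders.

```powershell
# Added example: audit (and optionally grant) the permissions from steps 7-8.
# Assumption: the DN passed in is your Domain Controller's computer object.
Add-Type -AssemblyName System.DirectoryServices

function Test-NetworkServiceDcAcl {
    param(
        [Parameter(Mandatory = $true)][string]$DomainControllerDn,
        [switch]$Grant
    )
    $entry = [ADSI]"LDAP://$DomainControllerDn"
    $acl   = $entry.psbase.ObjectSecurity

    # Well-known SID S-1-5-20 is NT AUTHORITY\NETWORK SERVICE.
    $sid    = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-20')
    $wanted = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'

    # Accumulate rights from Allow ACEs (explicit and inherited) that apply to
    # all child object classes, i.e. ObjectType is the empty GUID.
    $have  = 0
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $sid.Value -and
            $rule.AccessControlType -eq 'Allow' -and
            $rule.ObjectType -eq [Guid]::Empty) {
            $have = $have -bor ([int]$rule.ActiveDirectoryRights -band [int]$wanted)
        }
    }
    $ok = ($have -eq [int]$wanted)

    if (-not $ok -and $Grant) {
        # Assumption: the ACE applies to this object only; the page does not
        # state an inheritance scope.
        $ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $sid, $wanted, [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($ace)
        $entry.psbase.CommitChanges()
        $ok = $true
    }
    return $ok
}

# Constructed placeholder DN; replace with your own Domain Controller object.
Test-NetworkServiceDcAcl -DomainControllerDn 'CN=DC01,OU=Domain Controllers,DC=example,DC=com'
```

Run without -Grant, the function is read-only and returns $true or $false, which makes it suitable for a periodic check that the ACL has not drifted from what this procedure sets.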