Recommended Windows Service Account Settings for Windows BIND?
Danny Mayer
mayer at gis.net
Sun Jul 27 04:13:07 UTC 2008
Will wrote:
> With BIND 9.5 for Windows, what is the recommended settings for the BIND
> account? I gather they do NOT want you to use the reserved NetworkService
> account to run BIND, but instead want you to:
>
> 1) Create a local user "named"
> 2) Add named to the local Users group
> 3) Add named to the list of users authorized to start as a service in
> security policy?
>
The installer creates this for you. You do not have to do it yourself.
The named account should *not* be in the local Users group. The
installer locks things down for you.
> In terms of NTFS permissions, where does the local named account need write
> access?
>
You need to create the correct NTFS permissions on the directories that
named uses. Currently, the installer does not do this. You should give
it write access to the /etc subdirectory where all of the zone files
reside. If you are doing dynamic update then this is necessary as it
needs to rewrite those files and create the journal files.
Danny
More information about the bind-users
mailing list