Re: what type of user should cluster run under on member server



There's no need to have a local user account on the boxes. It only needs to
be a domain user account that is a member of the local admin group on both
nodes.

Regards,
John

<william.dossett@xxxxxxxxx> wrote in message
news:1160637187.584768.199560@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hi,

After demoting one of my nodes from DC to member server, the cluster
service wouldn't start. I read something that seemed to say there needs
to be a local account on the member server to match the name of the
account that the cluster service runs under... at least I think that's
what it said.... so in trying to get this node back up and running,
I've made a bit of a mess of users etc, and the user it's running under
currently has way too many permissions.

If I'm at all clear on things now... I should have a user that's the
following.

Domain account which is a member of the Local Computer's Administrators
Group...

and then in local security give the domain account:

Act as part of the operating system
Back up files and directories
Restore files and directories
Adjust memory quotas for a process
Log on as a service
Increase scheduling priority

and make sure that the local computer's administrator account can:

Manage auditing and security log
Debug programs
Impersonate a client after authentication

And after all that, I shouldn't need a local user configured on these
machines? As it is I believe I have a local user and domain user with
the same name and I think that's causing some, benign, error messages
at boot up, but would like to clean up logs anyway.... just want to do
it without breaking anything, so I'm just making sure I've got this
clear before I do it.

Thanks
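
The rights listed in the question can be checked against what a node actually grants by exporting the local policy with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and comparing the `[Privilege Rights]` section with the list. The script below is an added example, not part of the original thread: the account SID and the export text are constructed sample data, and the function names are illustrative.

```python
SVC = "S-1-5-21-1111111111-2222222222-3333333333-1105"  # constructed domain account SID
ADMINS = "S-1-5-32-544"  # well-known SID of the built-in Administrators group

# Constant names secedit uses for the rights listed in the post, in the post's order.
SERVICE_RIGHTS = {"SeTcbPrivilege", "SeBackupPrivilege", "SeRestorePrivilege",
                  "SeIncreaseQuotaPrivilege", "SeServiceLogonRight",
                  "SeIncreaseBasePriorityPrivilege"}
ADMIN_RIGHTS = {"SeSecurityPrivilege", "SeDebugPrivilege", "SeImpersonatePrivilege"}

# Constructed sample of a secedit USER_RIGHTS export (not taken from a real host).
SAMPLE = f"""[Unicode]
Unicode=yes
[Privilege Rights]
SeTcbPrivilege = *{SVC}
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,*{SVC}
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551,*{SVC}
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*{SVC}
SeServiceLogonRight = *{SVC}
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeSecurityPrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544,*{SVC}
SeImpersonatePrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeTakeOwnershipPrivilege = *S-1-5-32-544,*{SVC}
"""

def parse_privilege_rights(text):
    """Map each right in [Privilege Rights] to the set of principals it names."""
    rights, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, holders = line.partition("=")
            rights[name.strip()] = {h.strip().lstrip("*").lower()
                                    for h in holders.split(",") if h.strip()}
    return rights

def audit(text, principal, expected):
    """Return (missing, extra) rights for a principal named directly in the export.
    Rights inherited through group membership are not resolved here."""
    key = principal.lstrip("*").lower()
    held = {r for r, who in parse_privilege_rights(text).items() if key in who}
    return sorted(expected - held), sorted(held - expected)

if __name__ == "__main__":
    print("service account:", audit(SAMPLE, SVC, SERVICE_RIGHTS))
    print("Administrators :", audit(SAMPLE, ADMINS, ADMIN_RIGHTS))
```

For a real export, read the file with `open("rights.inf", encoding="utf-16")`, since secedit writes it as Unicode. Anything in the "extra" list for the service account is a right beyond the six named in the post and a candidate for removal.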


