Which user privileges are required by a Copssh service account ?

Creation of a dedicated service account for Copssh became necessary when the built-in SYSTEM account lost some required privileges as of Windows 2003. By default, the Copssh installer creates the local account SvcCOPSSH  (24-char complex password, no password expiration) with following privileges:

  • Member of local Administrators group
  • User rights for proper operation:
    • SeCreateTokenPrivilege
    • SeAssignPrimaryTokenPrivilege
    • SeIncreaseQuotaPrivilege
    • SeServiceLogonRight
  • User rights for better security:
    • SeDenyBatchLogonRight
    • SeDenyInteractiveLogonRight
    • SeDenyNetworkLogonRight

Copssh installer will also try to apply all those above, if you have specified an existing account during the setup.

More info:

SSHD, Cygwin and Windows 2003