Which user privileges are required by a Copssh service account ?
Creation of a dedicated service account for Copssh became necessary when the built-in SYSTEM account lost some required privileges as of Windows 2003. By default, the Copssh installer creates the local account SvcCOPSSH (24-char complex password, no password expiration) with following privileges:
- Member of local Administrators group
- User rights for proper operation:
- SeCreateTokenPrivilege
- SeAssignPrimaryTokenPrivilege
- SeIncreaseQuotaPrivilege
- SeServiceLogonRight
- User rights for better security:
- SeDenyBatchLogonRight
- SeDenyInteractiveLogonRight
- SeDenyNetworkLogonRight
Copssh installer will also try to apply all those above, if you have specified an existing account during the setup.
More info:
