Impact of Removal of Service Account Interactive Logon ability

Article ID: 400199

Products

CA Business Service Insight

Issue/Introduction

The security team wants to remove the Interactive Logon right/ability for Windows service accounts.

What impact will this have on CA Business Service Insight services?

Environment

CA Business Service Insight - All Versions

All Supported Windows Operating Systems

Resolution

CA Business Service Insight requires a dedicated account with the following properties for all services and entities:

  • The account is a domain account
  • The account is a member of the local administrator group
  • Use the same account for all CA Business Service Insight servers

Impact of not having the service account in already configured environments:

  • Adapters will not be running
  • Adapter and Report Schedulers will not work
  • Required MSMQ component does not work in domain mode
  • Anonymous Authentication for customizations (IIS Server update to set the credentials of Oblicore_Guarantee >> Authentication >> Anonymous Authentication to the domain account)
  • Logon credentials with the user account for new BSI services (i.e. adding new PSLWriter instances)
  • Password utility for BSI services

Recommendation:

  • Use a common AD account for use in domain mode
  • It is not required to log on to the server directly with the common user account, but the services can use it, and it is accessible on all installed environments
  • Components like Adapters and MSMQ will use common account
  • All environments should be in sync with the same user account
  • For new installs, the user should have access to the Registry and to the BSI installation folder to create/modify files and folders
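
One way to check, before the change, which services run under the common account and which logon rights it currently holds. This is an added example, not part of the original article or the product; the account name `CONTOSO\svc_bsi` is a placeholder, and the script assumes an elevated PowerShell session on a BSI server.

```powershell
param(
    [string]$Account = 'CONTOSO\svc_bsi'   # placeholder: the common BSI service account
)

# Resolve the account to its SID; secedit lists rights holders as *SID (or by name).
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
           [System.Security.Principal.SecurityIdentifier]).Value
$adminsSid = 'S-1-5-32-544'                # well-known SID of BUILTIN\Administrators

# 1. Services configured to log on with this account (these need "Log on as a service").
#    StartName must match the stored form (DOMAIN\user or user@domain).
$services = Get-CimInstance Win32_Service |
    Where-Object { $_.StartName -eq $Account } |
    Select-Object Name, State, StartMode

# 2. Export the local user-rights assignment and read the three relevant rights.
$cfg = Join-Path $env:TEMP 'bsi_user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null

$rights = 'SeServiceLogonRight', 'SeInteractiveLogonRight', 'SeDenyInteractiveLogonRight'
$report = foreach ($right in $rights) {
    $line = Select-String -Path $cfg -Pattern "^$right\s*=" | Select-Object -First 1
    $holders = if ($line) {
        ($line.Line -split '=', 2)[1].Split(',').Trim().TrimStart('*')
    } else { @() }

    [pscustomobject]@{
        Right             = $right
        GrantedToAccount  = ($holders -contains $sid) -or ($holders -contains $Account)
        # The article requires local administrator membership, so a right held by
        # Administrators also applies to the service account.
        GrantedViaAdmins  = $holders -contains $adminsSid
    }
}
Remove-Item $cfg -ErrorAction SilentlyContinue

$services | Format-Table -AutoSize
$report   | Format-Table -AutoSize
```

If `SeInteractiveLogonRight` shows `GrantedViaAdmins` as true, removing the account from the allow list alone does not block interactive logon; `SeDenyInteractiveLogonRight` is the entry that would, while `SeServiceLogonRight` must stay in place for the listed services to start.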