I want to create a user-account to use as a Service Account or Service User name on Windows 7. For example I made a "tomcat" user for Tomcat -- But that was a quick fix, and I'd like to make it a non-login service account.
When I looked at the Microsoft Management Console / Local Users and Groups I can see the normal login accounts, including a "Tomcat user". And ALSO, a "postgres" username with a description of "service account".
I do not believe this is what Microsoft call a "Service Account" in their server documentation. So what ever postgresql did, I would like to know how to do that too. The postgres user has the following characteristics:
I'm hoping someone has done this and can point to an explanation.
Failing that, is there a way to turn-off the "tomcat" username on the Windows login screen. Quite frankly that would get me one-step further, though I'd prefer to make a "service account" like the "posgres" username. Many thanks ...w
I have an answer to manually achieve the goal. It turns out to be quite simple if a little opaque imho. There is an advanced User Management tool available from the command line with either:
netplwiz
, orcontrol userpasswords2
Access via Control Panel / Administrative Tools, then:
postgres
(for example)postgres2
tomcat
In my case I wanted tomcat
to be a non-login username, similar to postgres
user. If you can inspect the properties for the postgres
account, you too will notice that the postgres
[Member Of] tab is empty, whereas the tomcat
[Member Of] tab lists the Users
.
To hide the tomcat
username from the sign-on a screen, I selected the Users
group name on the [Member Of] tab and pressed the [Remove] button.
When you log-out and tomcat
user is no longer shown as available for log-in. The deed is done.
Of course you may wish to control the privileges for your particular hidden name, say it tomcat
too, this can be done with the Groups and advanced features for the tomcat
user.
My thanks to Chris Hoffman's "10+ Useful System Tools Hidden in Windows" post on How-to-Geek for giving me the idea for how this can be done from the console. For a script or program, you'd need to do the same thing via the available Windows API.
Also I'd be interested in hearing about how belonging to 'Users' gets your name on the sign-on screen and in the normal Users control panel tool. Happy user administrating.
reference: