Microsoft KB Archive/281975

= Security May Be Affected When You Configure the Cluster Service =

PSS ID Number: 281975

Article Last Modified on 10/29/2003

-

The information in this article applies to:


 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition

-



This article was previously published under Q281975



SUMMARY
This article describes a security hole that may be created when you configure the Cluster service in Windows Server 2003.



MORE INFORMATION
When you configure the Cluster service in Windows Server 2003, you must be logged on with an account that has local administrator credentials.

When you use the Configuration Wizard, you are prompted to specify a domain account that is used to start the Cluster service. This account must be a member of the Local Administrators group. If this account is not already a member of the Local Administrators group, the wizard automatically adds it. However, this behavior may create a security hole on your server if an account is granted local administrator credentials to the server unintentionally.

It is recommended that you set up a dedicated account on the domain that is used only for starting the Cluster service, and that you set the password for this account so that it never expires. When you are deciding the account that you want to use to start the Cluster service, consider your domain security.

For additional information about how to change the cluster account after configuration and the rights that account requires, click the article number below to view the article in the Microsoft Knowledge Base:

269229 How to Manually Re-Create the Cluster Service Account

Additional query words: MSCS

Keywords: kbClustering kbinfo w2000mscs KB281975

Technology: kbWinServ2003Data kbWinServ2003DataSearch kbWinServ2003Ent kbWinServ2003EntSearch kbWinServ2003Search

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© 2004 Microsoft Corporation. All rights reserved.