Potential Security Implications When Sharing Credentials with Background Services
Therefore:
It is recommended that you create a service account to perform background service functions rather than using a domain administrator account. |
Security Controls supports Kerberos authentication for background service interaction with various resources in addition to explicitly specified credentials. Granting permissions to the Domain\Machine$ account can be used to provide access to network shares and distribution servers in scenarios where it is not desirable or possible to create a service account.
Further, shared service credentials can be updated at any time. This makes password update maintenance easy.