Tomcat network access using Windows login credential

alfresco, tomcat, windows 7

I have a strange issue with Tomcat. I am using Alfresco 4.2 e, which uses Tomcat. My system is Windows 7 Enterprise 64 bit.

Alfresco uses a network location of our server filer to store the files. So when I start Tomcat, I give the login credentials of my domain account to log on.

My domain password expires automatically in 30 days, and once I change my password, I need to restart Tomcat with the new login credentials.

If I select Log on as Local System account, Alfresco won't start, since Tomcat doesn't have access to the network location.

So is there any way to overcome this?


Best Answer

Solution #1) The Local System account of a computer corresponds to the machine account object of that computer in Active Directory. You can add computer accounts to ACLs on files and file shares on other domain-joined computers.

Obligatory disclaimer - I don't recommend running Windows services (besides the out of the box ones) as Local System, as Local System is a highly-privileged account that has the permissions necessary to totally trash your system if the service were to encounter a bug or be exploited by malicious activity.

Also, if you use this approach, make sure that the Group Policy setting "Network security: Allow Local System to use computer identity for NTLM" is either at the default for Windows 7 or Enabled. This is default behavior for Windows 7 and you probably won't need to worry about it, but it's something to be aware of in that this security setting can mean the difference between Local System authenticating across the network as an AD computer account versus authenticating anonymously.

Solution #2) Explore using a Managed Service Account. These accounts manage their own passwords and are essentially exempt from your domain's password policy, so you won't have to manage its password at all. The downside is that MSAs are relatively new (newer than Tomcat, anyway,) and as such don't work with every application under the sun, so you'll have to test.

http://blogs.technet.com/b/askds/archive/2009/09/10/managed-service-accounts-understanding-implementing-best-practices-and-troubleshooting.aspx
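A sketch of Solution #1 in PowerShell, added here as an example and not part of the original answer: it confirms the service logs on as Local System, checks the registry value behind the "Allow Local System to use computer identity for NTLM" policy, and grants the computer account Modify (not Full Control) on the content store folder. The share path, domain, host and service names are hypothetical placeholders, and it assumes share-level permissions on the filer already admit the computer account and that you run it as an account allowed to edit the folder's ACL.

```powershell
# Placeholders (assumptions, not values from the page)
$SharePath   = '\\filer.example.local\alfresco-data'  # hypothetical content store path
$Domain      = 'EXAMPLE'                               # hypothetical NetBIOS domain name
$TomcatHost  = 'ALFRESCO01'                            # hypothetical computer running Tomcat
$ServiceName = 'alfrescoTomcat'                        # hypothetical Windows service name

# 1. Confirm the service logs on as Local System (expected StartName: LocalSystem).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }
"Service '$ServiceName' logs on as: $($svc.StartName)"

# 2. Check the policy "Network security: Allow Local System to use computer
#    identity for NTLM". It is stored as the Lsa value UseMachineId.
#    A missing value means the OS default applies; an explicit 0 means Local
#    System falls back to anonymous for NTLM.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
if ($lsa.UseMachineId -eq 0) {
    Write-Warning 'UseMachineId = 0: Local System will authenticate anonymously over NTLM.'
} else {
    'Computer identity for NTLM: enabled or left at the OS default.'
}

# 3. Build the computer account name (DOMAIN\HOST$) and make sure it resolves
#    before touching any ACL. Translate() throws if the account is unknown.
$machine = New-Object System.Security.Principal.NTAccount(('{0}\{1}$' -f $Domain, $TomcatHost))
$null = $machine.Translate([System.Security.Principal.SecurityIdentifier])

# 4. Grant Modify, inherited by subfolders and files, to the computer account.
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $machine, 'Modify', $inherit, 'None', 'Allow')
$acl = Get-Acl -Path $SharePath
$acl.AddAccessRule($rule)
Set-Acl -Path $SharePath -AclObject $acl

# 5. Show the resulting entries for the computer account so the change can be reviewed.
(Get-Acl -Path $SharePath).Access |
    Where-Object { $_.IdentityReference.Value -eq $machine.Value } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited -AutoSize
```

Any other service running as Local System on that computer gets the same access to the share, which is one more reason to test the Managed Service Account route from Solution #2.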
