{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":739806677,"defaultBranch":"main","name":"dynamics-365-customer-engagement","ownerLogin":"waynevelliott","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2024-01-06T15:52:17.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/121355712?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1704557582.6413178","currentOid":""},"activityList":{"items":[{"before":"3be246e443623a35ae76e226f5105711e5758b48","after":"78d28c71e502fa1796fc04bbd0e33fed04f19660","ref":"refs/heads/patch-1","pushedAt":"2024-01-06T16:29:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"waynevelliott","name":null,"path":"/waynevelliott","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/121355712?s=80&v=4"},"commit":{"message":"Corrections to Security Configuration for Service Accounts \n\n1. Deleted \"Local administrator group membership on the computer where the Application Service is running.\" for the Application Service service account. This user (or any IIS App Pool account) must NOT be added to the local administrators group. It has never been required for CRM/Dynamics/Power Apps in a proper least privilege configuration.\r\n\r\n2. Updated references to SeServiceLogonRight and SeBatchLogonRight to use the correct label and constant.\r\nhttps://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/log-on-as-a-service\r\nhttps://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/log-on-as-a-batch-job\r\n\r\n3. Performance Log Users membership is required for the Application Service and Deployment Web Service accounts only. Removed from Asynchronous Processing Service. Added to Deployment Web Service.\r\n\r\n4. Asynchronous Processing Service also requires SeBatchLogonRight.\r\n\r\n5. Deployment Web Service also requires SeBatchLogonRight.\r\n\r\n6. Updated two references to the CRM_WPG local group to state that \"The CRM_WPG group is granted Log on as a service (SeServiceLogonRight) and Log on as a batch job (SeBatchLogonRight) permissions in the Local Security Policy\" since client group policy configurations may undo this.","shortMessageHtmlLink":"Corrections to Security Configuration for Service Accounts"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAD2UUmdwA","startCursor":null,"endCursor":null}},"title":"Activity · waynevelliott/dynamics-365-customer-engagement"}