My best practice for creating service accounts is as follows:
1. In Active Directory, create an OU such as 'Service Accounts' for storing all of your Service Account Users
2. Create a Security Group which will hold all the Service Account users. Call it something meaningful such as 'Service Accounts' or 'Deny Interactive Logon'
3. Create the User to be used as a Service Account and give them the required rights - try and avoid giving Domain Admin where possible. Add information about what this service account is used for in the descrption field.
4. Move this user to the 'Service Accounts' OU and add to the 'Service Accounts' Security Group.
5. Open Group Policy Management. Create a new GPO and link it at the Domain level. Again, call it something meaningful such as 'Service Accounts Deny Interative Logon'
6. Edit the GPO. Disable User Configuration. Under Computer Configuration/ Windows Settings/Security Settings/Local Policies/User Rights Assignment
Add the 'Service Accounts' Security Group to 'Deny log on locally' and 'Deny log on through Terminal Services'