1 Reply Latest reply on Dec 14, 2016 11:27 AM by cwinning

    Account privilege

    diego.urrego Rookie

      The Active directory admin doesn't want to disable the UAC by modifyng the registry key: "LocalAccountTokenFilterPolicy ", on the contrary they want to create a service account to do this.


      That is why I want to know what kind of privileges must the service account have in order to be able to scan, deploy and install the patches on the servers.


      I will appreciate your help.


      Thanks and have a good day

        • 1. Re: Account privilege
          cwinning CommunityTeam



          The short answer is to need to run Protect with an account with full administrative access, we really don't have a complete list of rights on hand though.


          I can tell these are required to use Protect and perform agentless scans and deployments.:


          • Backup Files and Directories
          • Debug Programs
          • Restore Files and Directories
          • Take Ownership of Files or Other Objects
          • Manage Auditing and Security Log
          • Log on as a Batch Job




          1 of 1 people found this helpful