The Active directory admin doesn't want to disable the UAC by modifyng the registry key: "LocalAccountTokenFilterPolicy ", on the contrary they want to create a service account to do this.
That is why I want to know what kind of privileges must the service account have in order to be able to scan, deploy and install the patches on the servers.
I will appreciate your help.
Thanks and have a good day
The short answer is to need to run Protect with an account with full administrative access, we really don't have a complete list of rights on hand though.
I can tell these are required to use Protect and perform agentless scans and deployments.:
Retrieving data ...