1 Reply Latest reply on Dec 14, 2016 11:27 AM by cwinning

    Account privilege

    diego.urrego Rookie

      The Active directory admin doesn't want to disable the UAC by modifyng the registry key: "LocalAccountTokenFilterPolicy ", on the contrary they want to create a service account to do this.

       

      That is why I want to know what kind of privileges must the service account have in order to be able to scan, deploy and install the patches on the servers.

       

      I will appreciate your help.

       

      Thanks and have a good day

        • 1. Re: Account privilege
          cwinning CommunityTeam

          Hello,

           

          The short answer is to need to run Protect with an account with full administrative access, we really don't have a complete list of rights on hand though.

           

          I can tell these are required to use Protect and perform agentless scans and deployments.:

           

          • Backup Files and Directories
          • Debug Programs
          • Restore Files and Directories
          • Take Ownership of Files or Other Objects
          • Manage Auditing and Security Log
          • Log on as a Batch Job

           

          Thanks,

          Charles

          1 of 1 people found this helpful