Domain Admin required for FSSO?

Forum|Forum|12 years ago
October 23, 2013
1 reply
5446 views

I am configuring FSSO on my Active Directory servers, and it appears to require a Domain Admin user for installation and for running the service. Is everyone else also using a Domain Admin user to run the FSSO agent on your DC' s? It seems like a security risk, especially since you also need to open up port 445 or 139 on all workstations to verify login status every 5 minutes. I am looking for any best practices in this area if someone has suggestions. Thanks.

Alivo__FTNT

Staff

Admin credentials are very important for overall FSSO CA operation. Without this account collectoragent.log might not be created, Domain Admin credentials are also mandatory to complete for example workstation checks. If you are running Collectors in polling mode, they are opening security eventlog or calling RPC NetAPI. Both require domain admin privileges.

billpAuthor

New Member

Thanks. That' s good to know. I created a Domain Admin user that has some basic login restrictions and it appears to be working OK.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded