I am configuring FSSO on my Active Directory servers, and it appears to require a Domain Admin user for installation and for running the service.
Is everyone else also using a Domain Admin user to run the FSSO agent on your DC' s?
It seems like a security risk, especially since you also need to open up port 445 or 139 on all workstations to verify login status every 5 minutes.
I am looking for any best practices in this area if someone has suggestions. Thanks.
Fortigate 600C 5.0.12, 111C 5.0.2