This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

User account used for STAS (Best Practice)?

I'm about to implement STAS for our Sophos UTM and trying to see if it is best to spin up a RODC so I can allow only local admin rights on that VM. With a DC that is a Global Catalog Server, adding an account to the "Administrators" group under BUILTIN will give that account full access to Active Directory too. I prefer this not to happen.

I'm assuming I could just edit the Security settings for the domain in AD and set that account to only be able to read and not write.

Any ideas? Thanks.

This thread was automatically locked due to age.

Parents

0 Aditya Patel over 7 years ago

Hi Breakingcustom ,

At this moment BuiltIn Administrator use is recommended. It may work with Domain Administrator but there is a chance that the system will not allow the service to start without Built-in Admin rights.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Aditya Patel over 7 years ago

Hi Breakingcustom ,

At this moment BuiltIn Administrator use is recommended. It may work with Domain Administrator but there is a chance that the system will not allow the service to start without Built-in Admin rights.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data