‎09-11-2024 03:01 PM
Situation:
Lansweeper on premise
Challenge:
Scan Domain-Controller
So far:
Set up scan-service user which is member of local admin group on server, computer etc.
No Local Admin Group on DC ==> Scan fails
(Giving scan user Domain Admin privileges works, but not our intention)
Any suggestions / experiences?
Thanks in advance.
Tom
Solved! Go to Solution.
‎09-11-2024 04:06 PM
Hello @TEisenmann
Off the top of my head, one idea is to have a read-only domain controller. That way you can give a specific user access to the RoDC -- this also provides a level of security where the account can't get to the PDC and make changes.
I'd love to hear what other users are doing as well! Security and scanning rights is a popular topic with our customers. It's great to hear what others are doing to still be able to scan their environment yet keep a strong security posture.
‎09-11-2024 04:06 PM
Hello @TEisenmann
Off the top of my head, one idea is to have a read-only domain controller. That way you can give a specific user access to the RoDC -- this also provides a level of security where the account can't get to the PDC and make changes.
I'd love to hear what other users are doing as well! Security and scanning rights is a popular topic with our customers. It's great to hear what others are doing to still be able to scan their environment yet keep a strong security posture.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now