This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- General Discussions
- Lansweeper scanning windows account
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-18-2020 09:59 PM
I want to create a service account for scanning desktops that is only used for that purpose. I'd prefer not to use an account that is domain administrator. Is there a way to limit the security permissions of the account? I'd like to have just the specific permissions needed.
Labels:
- Labels:
-
General Discussion
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-21-2020 03:31 AM
Sorry I miss spoke. It is not a domain admin account but an admin account on the workstations only.
Doesn't have access to AD or any other services. I mentioned domain as its an admin account via the domain. We also have a local admin password, however that hasn't been set on alot of our machines. This has been changed with Lansweeper but we still have a few remaining.
Doesn't have access to AD or any other services. I mentioned domain as its an admin account via the domain. We also have a local admin password, however that hasn't been set on alot of our machines. This has been changed with Lansweeper but we still have a few remaining.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-19-2020 12:21 AM
abevelacqua wrote:
I want to create a service account for scanning desktops that is only used for that purpose. I'd prefer not to use an account that is domain administrator. Is there a way to limit the security permissions of the account? I'd like to have just the specific permissions needed.
It still pretty much needs domain admin, we created a service account called ls.scanning
So that there was a separation, i'm sure we could lock it down a bit more etc.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-19-2020 06:33 PM
CyberCitizen wrote:abevelacqua wrote:
I want to create a service account for scanning desktops that is only used for that purpose. I'd prefer not to use an account that is domain administrator. Is there a way to limit the security permissions of the account? I'd like to have just the specific permissions needed.
It still pretty much needs domain admin, we created a service account called ls.scanning
So that there was a separation, i'm sure we could lock it down a bit more etc.
This is TERRIBLE advice!
No it does NOT need to be a domain admin. The service account only needs to have local admin access on the machine.
FYI: Domain admin accounts have the rights to make changes to your active directory, the service account for running LanSweeper should NOT have these rights.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-20-2020 04:47 PM
RobertB wrote:CyberCitizen wrote:abevelacqua wrote:
I want to create a service account for scanning desktops that is only used for that purpose. I'd prefer not to use an account that is domain administrator. Is there a way to limit the security permissions of the account? I'd like to have just the specific permissions needed.
It still pretty much needs domain admin, we created a service account called ls.scanning
So that there was a separation, i'm sure we could lock it down a bit more etc.
This is TERRIBLE advice!
No it does NOT need to be a domain admin. The service account only needs to have local admin access on the machine.
FYI: Domain admin accounts have the rights to make changes to your active directory, the service account for running LanSweeper should NOT have these rights.
I am open to other suggestions.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎02-20-2020 06:09 PM
abevelacqua wrote:RobertB wrote:CyberCitizen wrote:abevelacqua wrote:
I want to create a service account for scanning desktops that is only used for that purpose. I'd prefer not to use an account that is domain administrator. Is there a way to limit the security permissions of the account? I'd like to have just the specific permissions needed.
It still pretty much needs domain admin, we created a service account called ls.scanning
So that there was a separation, i'm sure we could lock it down a bit more etc.
This is TERRIBLE advice!
No it does NOT need to be a domain admin. The service account only needs to have local admin access on the machine.
FYI: Domain admin accounts have the rights to make changes to your active directory, the service account for running LanSweeper should NOT have these rights.
I am open to other suggestions.
Create a local admin account on each machine, or, what we did in addition to that was to use GPO to add a specific AD group (you can call it Local_Admin or anything you'd like), then once that GPO "takes hold", add your LS service account to that group. LS service will then have local admin access.
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- question for LsAgent behavior in General Discussions
- Inside Lansweeper: Weekly Recap in General Discussions
- Scanning Queue Timeout Adjustment in General Discussions
- On Prem - Dashboards Questions in General Discussions
- Looking for report that will find systems with a specific local user account in General Discussions
