Required Rights

 
Required Rights - 24.Apr.2008 1:38:16 PM   
gmitch64

 

What rights does the account running the events manager actually NEED? The docs and the FAQ recommend making the account a Domain Administrator, which seems way too many rights for an application.

We're going to try making the account a local machine administrator and see if it still works, but even that seems to be too many rights. So which rights, and where, does it actually NEED?

We're in the process of moving to Windows 2008, so we're trying to lock things down as tightly as we can as we progress.


Graham
Post #: 1
RE: Required Rights - 25.Apr.2008 3:15:45 AM   
Sven Berger

 

Hi gmitch64,

Unfortunately we do not have any information on the exact rights that are required by Eventsmanager that can be made public. But from the way Eventsmanager works, we can deduce the following:

If you want to run Eventsmanager under User Credentials, that account would require additional rights such as:

- Log on as a batch job (for scheduled tasks)
- Log on as service

It becomes more complicated when you start looking at the privileges required by Eventsmanager. Privileges like "modify morning firmware values" and "create global objects" do require a good understanding of the actual code in Eventsmanager and this information is not made public by the developers. 

There are about 20 to 25 privileges that are automatically assigned to Administrators, and I guess that a good number of these are required by Eventsmanager (but probably not all).

Personally, I would advise you against attempting to create a User account and add required privileges as required. You would have to test every single function in Eventsmanager with such an account to be sure that Eventsmanager is working correctly.

There is one other thing to consider: We do not support such a configuration. We would first advise you to switch back to the Local Administrator Account before we would undertake any troubleshooting.

_____________________________

Sven Berger
GFI Software - www.gfi.com
Messaging, Content Security & Network Security Software

(in reply to gmitch64)
Post #: 2
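
Added example (not part of any post in this thread, and not GFI code): one way to check which user rights a candidate service account actually holds, by parsing the [Privilege Rights] section of a file produced with secedit /export /cfg rights.inf /areas USER_RIGHTS. The sample export, SIDs and baseline set are constructed for illustration; the baseline contains only the two logon rights named in the reply above, not a confirmed requirements list.

```python
# Audit user rights held by a service account, using the [Privilege Rights]
# section of a `secedit /export /areas USER_RIGHTS` file.

# Constructed sample export; the domain SID and account RID are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-20,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeCreateGlobalPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,*S-1-5-6
SeSystemEnvironmentPrivilege = *S-1-5-32-544
SeDebugPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

# "Log on as a batch job" and "Log on as a service", by their secedit constants.
# Assumption: this baseline is only what the reply names.
NAMED_IN_THREAD = {"SeBatchLogonRight", "SeServiceLogonRight"}

def parse_privilege_rights(inf_text):
    """Return {right: set(principals)} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[privilege rights]"
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue
        name, _, value = line.partition("=")
        # SIDs are written with a leading '*'; unresolved names appear as-is.
        rights[name.strip()] = {p.strip().lstrip("*").lower()
                                for p in value.split(",") if p.strip()}
    return rights

def audit_account(inf_text, principals):
    """Compare rights held by any of `principals` (the account's SID or name,
    plus any group SIDs it belongs to) with NAMED_IN_THREAD.
    Returns (held, missing, extra)."""
    wanted = {p.lstrip("*").lower() for p in principals}
    held = {r for r, who in parse_privilege_rights(inf_text).items() if who & wanted}
    return held, NAMED_IN_THREAD - held, held - NAMED_IN_THREAD

if __name__ == "__main__":
    svc = "S-1-5-21-1111111111-2222222222-3333333333-1105"
    held, missing, extra = audit_account(SAMPLE_INF, [svc])
    print("held:", sorted(held), "missing:", sorted(missing), "extra:", sorted(extra))
```

A real export is normally UTF-16, so read it with open(path, encoding="utf-16") before passing the text in. Include the SIDs of the account's groups in principals, since rights granted through group membership (for example S-1-5-32-544, the local Administrators group) do not list the account itself.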
RE: Required Rights - 28.Apr.2008 2:13:25 PM   
mfhjek0

 

Security in Windows Active Directory has finally begun to break down individual permissions in a much more granular manner as a response to a long-time weakness that required many products (and people) to run as Domain Admins, or Administrator, even that was way too much authority.

With the new delegation capability Security Administrators now have the capability to only grant the permissions the application needs. We are asking our vendors to do their homework and know exactly what permissions their software needs, and provide that level of installation information so we can fully utilize the security capabilities that today's business requires.

Can you please submit this as a feature request?

Thank you




(in reply to Sven Berger)
Post #: 3
RE: Required Rights - 29.Apr.2008 3:13:47 PM   
Terry Erickson

 

quote:

mfhjek0
Security in Windows Active Directory has finally begun to break down individual permissions in a much more granular manner as a response to a long-time weakness that required many products (and people) to run as Domain Admins, or Administrator, even that was way too much authority.

With the new delegation capability Security Administrators now have the capability to only grant the permissions the application needs. We are asking our vendors to do their homework and know exactly what permissions their software needs, and provide that level of installation information so we can fully utilize the security capabilities that today's business requires.

Can you please submit this as a feature request?

Thank you

I have just sent this to Product management for consideration.  Thank you for taking the time to clearly outline your needs.

(in reply to mfhjek0)
Post #: 4