Jump to content
Jasper

Minimum requirements priveliged account (Windows)

Recommended Posts

Hi!

 

If I don't want our the Passwordstate Privileged account to be a domain admin, what are the minimum permissions requirements for these accounts?

I tried to find these minimum requirements in the documentation, but didn't find them.

 

Thanks in advance!

 

//Jasper

Share this post


Link to post
Share on other sites

Hi Jasper,

 

This can depend on a few things, namely:

  • For the 'Read' account, generally this only needs to be in Domain Users in order to read AD attributes for accounts. But some customers lock down their AD environment, and you may need greater privileges i.e. a Domain Users account may not be able to read attributes of Domain Admin accounts. So we generally recommend using Domain Users first, and then Account Operators after this. You can also do some testing of this on the screen Administration -> Security Groups, Debug AD Security Groups, to see if there any issues after making changes to this account
  • With the 'Write' account, used for performing password resets, generally Account Operators is required, but again, possibly more depending on the type of account being reset.

I hope this helps a little.

 

Regards

Click Studios

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...