Domain Account
lexicdys
October 13th, 2009
I was curious on the security restrictions that people have put into place for the account the Deployment Server uses. I am assuming that you disable the login ability to the domain, and set the ACL correctly for the directories it needs to get to. Otherwise, any other concerns when setting up my AD account for deployment?
You may want to make sure the
You may want to make sure the altiris administrative account does not have administrative credentials to access your servers unless you want DS to access them. This is a low level security breach within ITO organizations and possibly the biggest and most common security violation I have seen in the ITO world. The result is that DS servers have rights to remote control or install software on servers. This is an huge security risk and should be thought about carefully before allowing it because anyone with access to use the DS can do whatever they see fit to the servers.
Domain Account
Generally the domain account is only used when adding computers to the domain. The only rights it should need is to create computer accounts. Giving it anymore access than that could be a problem. When deploying clients via the remote installation or remote control, I would suggest that the person attempt to do this enter their own credentials.
Would you like to reply?
Login or Register to post your comment.