|
Posted by S. Pidgorny on July 8, 2007, 4:49 pm
If you were Registered and logged in, you could reply and use other advanced thread options
The rights you looking for:
* Connect to computer from network
* Install software
It's not full admin. From the description, that is not required.
--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-
* http://sl.mvps.org * http://msmvps.com/blogs/sp *
>I have a service account with administrator rights that I would like
> to restrict to just performing software installs. The account needs
> to be able to copy files to the administrative shares on the target
> computer (servers and workstations), then execute the setup program
> via RPC. Once installed, the software will run as a service in the
> LocalSystem security context.
>
> How might I restrict the rights afforded to this service account? I
> realize that remote software installation is sufficient to compromise
> a computer, but I'd like to know if there's anything I can or should
> do to restrict what this account can access. (I'm probably better off
> using a different method for software distribution, but in this case,
> I am using a network-based discovery program to find computers that
> aren't running this service, and once discovered, the program pushes
> the service out to them using this account.)
>
> Best wishes,
> Matthew
>
> --
> "Rogues are very keen in their profession, and know already much more
> than we can teach them respecting their several kinds of roguery."
> - A. C. Hobbs in _Locks and Safes_ (1853)
| 
XML site map