Group Policy security best practice for service account used by Account auditing tool?

Posted on 2016-08-29
Last Modified: 2016-10-16
People,

I'm using the Netwrix ALE freeware (https://www.netwrix.com/account_lockout_examiner.html) to get some reports about the locked accounts in my AD domain.

But the problem is that due to PCI compliance, I cannot make the service account which is used by the service a member of the DOMAIN\Administrator group, and it also cannot be a member of the Local Administrators group on all computers and servers either.

So can anyone here please share some thoughts and comments on how best to secure this type of service account while maintaining its functions?

Thanks.

According to this guide: https://www.netwrix.com/download/documents/Netwrix_Account_Lockout_Examiner_Administrator_Guide.pdf
it requires at least local administrator to audit security log & event?

Accepted Solution

by:
bbao earned 2000 total points
ID: 41775833
basically, as always, the principle of least privilege applies.

per the instruction on page 8 regarding service account's requirement, it "must be a member of the Domain Admins group in all managed domains, OR have" five given rights, you got two choices: domain admin or a specific user with customised rights.

therefore you may create a user to meet the five rules. be aware the LOCAL administrator right is a MUST for client workstation, this seems to be uncompromised.

Author Comment

by:Senior IT System Engineer
ID: 41775839
Ah I see,

So according to page 8, I do not have any other choice than to give Local Administrators group membership on all Servers & Computers in the domain.

Expert Comment

by:bbao
ID: 41775845
correct.