I want to create a service account that can connect to a Windows Server 2012 operating system and read the following:
- Users' permissions (Read, Write, etc.) to certain directories - not just for the service account but for ALL users;
- Log on settings like Password Length, Password Complexity, and Maximum Logon Failures.
It is really important for this service account to have as little access to change, delete, or create data as possible. Ideally, It would be Read access.
What is the minimum access permissions the service account will need to be able to do this?
I am obviously not a Windows expert. If the service account needs to be an Admin to do this, is there some way to restrict the access of an Admin account to disable its ability to change, delete, and create data on the Windows Server 2012 operating system