Windows OS
--
Questions
--
Followers
Top Experts
Least principal account for Western Digital My Cloud EX 4100 NAS Active Directory queries
I have two Western Digital My Cloud EX 4100 NAS devices within my company's network that are both added to Active Directory.
These drives require that an Active Directory account and password be used so that they can query Active Directory.
Using the principal of assigning the minimum rights what privileges do I need to assign to the Active Directory account that will be used by these two Western Digital NAS devices to query Active Directory?
For obvious reasons I don't want to use the domain administrator account or an account that has domain administrator rights for this if possible.
It appears that these NAS devices actually store the Active Directory account username and password that is used for interacting with Active Directory. This is an obvious security risk compared to simply using the domain administrator username and password once for adding a computer to an Active Directory domain (see the screenshot).
We are using a Server 2016 Active Directory environment.
Attached is the owner's manual for this NAS.
Please let me know if any further information is needed.
western-digitial-my-cloud-ex4100-477.pdf
These drives require that an Active Directory account and password be used so that they can query Active Directory.
Using the principal of assigning the minimum rights what privileges do I need to assign to the Active Directory account that will be used by these two Western Digital NAS devices to query Active Directory?
For obvious reasons I don't want to use the domain administrator account or an account that has domain administrator rights for this if possible.
It appears that these NAS devices actually store the Active Directory account username and password that is used for interacting with Active Directory. This is an obvious security risk compared to simply using the domain administrator username and password once for adding a computer to an Active Directory domain (see the screenshot).
We are using a Server 2016 Active Directory environment.
Attached is the owner's manual for this NAS.
Please let me know if any further information is needed.
western-digitial-my-cloud-ex4100-477.pdf
Zero AI Policy
We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.
Why do you suspect it's such a risk? Who is this machine exposed to?
Let's assume, any domain user can access you NAS - they already have domain accounts, what would be won if the somehow got to the account, that is used for queries? Just tak an account that is not allowed to logon anywhere, but just on the NAS name.
Let's assume, any domain user can access you NAS - they already have domain accounts, what would be won if the somehow got to the account, that is used for queries? Just tak an account that is not allowed to logon anywhere, but just on the NAS name.
I'm concerned that the password for the domain administrator account might be able to be hacked if I am using it for something like this.
What other options or other types of accounts that can be used that won't pose such a potential security risk?
What other options or other types of accounts that can be used that won't pose such a potential security risk?
SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
ASKER CERTIFIED SOLUTION
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
EARN REWARDS FOR ASKING, ANSWERING, AND MORE.
Earn free swag for participating on the platform.
Windows OS
--
Questions
--
Followers
Top Experts
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.