It is recommended that you create a dedicated service account for Nodeware and avoid using Domain Admin credentials or other user accounts. CIS Controls v7 3.3 states:
3.3 Use a dedicated account for authenticated vulnerability scans, which should not be used for any other administrative activities and should be tied to specific machines at specific IP addresses.
Requirements
The service account must meet the following requirements for proper operation:
Substitute your created domain and user in the following commands where you see <domain> or <user>.
Required groups
In a command prompt, enter the following commands:
net localgroup "Remote Management Users" /add <domain>\<user>
net localgroup "Performance Monitor Users" /add <domain>\<user>
Access to WinRM resources
1. In a command prompt, enter the following command:
winrm configSDDL default
2. This will open the Permissions for Default dialog window
3. In the Group or user names section, add <domain>\<user> to the list
4. Select the <domain>\<user> entry you added, then in the Permissions for <user> section beneath:
- Check "Allow" for Read (Get, Enumerate, Subscribe)
- Check "Allow" for Execute (Invoke)
5. Click OK to confirm the changes
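To confirm that the steps above took effect on a scanned machine, the following PowerShell check can be run locally. It is an added example, not part of Nodeware's documentation. The script's parameter names are placeholders, and the mapping of the dialog's Read and Execute boxes to the GENERIC_READ and GENERIC_EXECUTE access bits is an assumption.

```powershell
# Added verification example (not vendor code). Run in an elevated PowerShell
# session on the target machine; -Domain and -User are the service account.
param(
    [Parameter(Mandatory)] [string] $Domain,
    [Parameter(Mandatory)] [string] $User
)

# Resolve the account to its SID so comparisons do not depend on name formatting.
$account = "$Domain\$User"
$sid = (New-Object System.Security.Principal.NTAccount($account)).Translate(
    [System.Security.Principal.SecurityIdentifier])

$results = @()

# 1. Required groups: the account must be a direct member of both.
foreach ($group in 'Remote Management Users', 'Performance Monitor Users') {
    $member = Get-LocalGroupMember -Group $group -ErrorAction Stop |
        Where-Object { $_.SID.Value -eq $sid.Value }
    $results += [pscustomobject]@{ Check = "Member of '$group'"; Pass = [bool]$member }
}

# 2. WinRM resources: read the security descriptor that "winrm configSDDL default" edits.
$sddl = (Get-Item WSMan:\localhost\Service\RootSDDL).Value
$sd   = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)

# Assumed mapping: Read = GENERIC_READ, Execute = GENERIC_EXECUTE.
$GENERIC_READ    = 0x80000000
$GENERIC_EXECUTE = 0x20000000

# Combine the access masks of every Allow ACE granted directly to the account.
$mask = 0
foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace.AceType -eq 'AccessAllowed' -and
        $ace.SecurityIdentifier.Value -eq $sid.Value) {
        $mask = $mask -bor $ace.AccessMask
    }
}
$results += [pscustomobject]@{
    Check = 'WinRM Read (Get, Enumerate, Subscribe) allowed'
    Pass  = ($mask -band $GENERIC_READ) -ne 0
}
$results += [pscustomobject]@{
    Check = 'WinRM Execute (Invoke) allowed'
    Pass  = ($mask -band $GENERIC_EXECUTE) -ne 0
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

The script only reports ACEs and group memberships assigned directly to the account, so rights inherited through a nested group show as failed.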