RVY200347: Granting Permission for Zero Touch Windows Scan

1. General Information

This document describes the permission standard for a Service User (Domain/local) or a specified Group (domain/local) to have scanning permission for the Zero Touch Windows scanning technology.

 

2. User Specifications

Option 1: local Administrator

This is the highest permission level.

The User needs to be part of the local Administrators group. Local administrators usually have full permissions to WMI. This User needs to be permitted and rolled out to every device in scope.

 

Option 2: Grant dedicated permission

This is the least privilege approach.

For granting dedicated permissions to specified Service Users or Groups the following needs to be configured on target system. 

 

Group Membership

The User or Group needs to be member of the following groups:

 

Dedicated permissions

Namespaces

The following permissions on the namespaces for the specified user or group should be allowed: 

General

 

MS SQL Servers

 MS SQL Server until 2000

MS SQL Server after 2005

HyperV

 

Services

Read Permission for Service Control Manager and all Services.

Have more questions? Submit a request

Comments

Powered by Zendesk