1. General Information
This document describes the permission standard for a Service User (Domain/local) or a specified Group (domain/local) to have scanning permission for the Zero Touch Windows scanning technology.
2. User Specifications
Option 1: local Administrator
This is the highest permission level.
The User needs to be part of the local Administrators group. Local administrators usually have full permissions to WMI. This User needs to be permitted and rolled out to every device in scope.
Option 2: Grant dedicated permission
This is the least privilege approach.
For granting dedicated permissions to specified Service Users or Groups the following needs to be configured on target system.
The User or Group needs to be member of the following groups:
The following permissions on the namespaces for the specified user or group should be allowed:
MS SQL Servers
MS SQL Server until 2000
MS SQL Server after 2005
Read Permission for Service Control Manager and all Services.