11-06-2020 03:27 AM
Hi Guys,
To create the service account in AD, which is utilized on the device. we know that below rights are needed.
- Distributed COM Users
- Event Log Readers
- Server Operators
My query is why it necessary, what it's justification to be a part of this rights.
In cisco asa it is not necessary that's why I am have this query.
Thanks in advance
11-06-2020 05:32 AM - edited 11-06-2020 05:32 AM
- Event Log Readers (The FW needs permission to read the Security Log on the DC, so when a user (fred, authenticates/logs onto his his computer with 172.16.1.55, and the DC authentication is successful, the UserID agent matches fred:172.16.155 and fwds to the FW.
Now the FW knows that 172.16.1.55 = Fred.)
- Server Operators (used for File/Print shares. As long as someone has a drive mapped or printer mapped, that share session is in use. The Server Operator confirms the user is still using/has permission to use. The IP of the user is captured.)
Distributed COM Users - used for probing unknown IPs within the network. An employee bring laptop in sleep mode, into corporate network. He wakes up computer and then plugs in Ethernet cable. Did he authenticate yet? (NO), but he got a DHCP address. So WHO has this IP. probing IP allows the FW to ask the device "who are you" and the user comes back as "fred". Again, now the FW knows that 172.16.1.55 = Fred)
Thank you.
11-06-2020 05:32 AM - edited 11-06-2020 05:32 AM
- Event Log Readers (The FW needs permission to read the Security Log on the DC, so when a user (fred, authenticates/logs onto his his computer with 172.16.1.55, and the DC authentication is successful, the UserID agent matches fred:172.16.155 and fwds to the FW.
Now the FW knows that 172.16.1.55 = Fred.)
- Server Operators (used for File/Print shares. As long as someone has a drive mapped or printer mapped, that share session is in use. The Server Operator confirms the user is still using/has permission to use. The IP of the user is captured.)
Distributed COM Users - used for probing unknown IPs within the network. An employee bring laptop in sleep mode, into corporate network. He wakes up computer and then plugs in Ethernet cable. Did he authenticate yet? (NO), but he got a DHCP address. So WHO has this IP. probing IP allows the FW to ask the device "who are you" and the user comes back as "fred". Again, now the FW knows that 172.16.1.55 = Fred)
Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
