In setting up SAM I've found ways around giving accounts full admin access to the machine except for polling service information. Is there a way to poll service information without administrator access to a windows server 2008 R2? Thanks in advance.
Indeed there is. This is covered in the following KB article.
Is it just me, or does the process of polling with a non-admin user seem onerous? I'm curious as to how many folks, real world, just use an account with admin privilege. It seems the most direct path. I understand the security implications, but in large environments the risk/reward consideration for having to make the changes to each monitored server seems questionable.
Agreed. In most cases users simply utilize the local administrators account or domain admin account. The optional Agent included in SAM 6.2 (currently in beta) operates in a least privilege mode by default, not requiring local or domain admin credentials to run and operate normally.
Interesting. Does that Agent play well with Domain Controllers? Read-only as well as regular DCs?
