NOTE: All ports need to be open (incoming/outgoing) with the exception of the Workstation Logon agent which only needs to be outgoing on the workstation's firewall and incoming on the Active Administrator Server. Figure 1 displays an example of how communication is achieved through the specified ports. |
• |
• |
• |
• |
When choosing an account, keep these requirements in mind:
• |
2 |
Use Group Policy Management console (GPMC) to edit the Default Domain Controller Group Policy Object. Give the user account User Rights to Manage auditing and security log. |
3 |
On the target domain controllers, give the user account Read permission to the registry key: HKLM\System\CurrentControlSet\Services\Eventlog\Security. |
4 |
NOTE: For more detailed instructions, see https://support.quest.com/active-administrator/kb/209446/how-to-configure-a-non-domain-admin-audit-agent-service-account. |
For all Active Administrator® modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. This section details the permissions required for operation of each module and submodule.
• |
• |
© 2024 Quest Software Inc. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center