Discussion:
low privileged account for dns management pack
(too old to reply)
epo
2005-03-02 17:21:03 UTC
Permalink
According to ms documentation, the mom action account needs to hve the right
to clear dns cache and start dns scavenging. I"m having trouble finding
where in the OS to set this ??
Kevin Beares [MSFT]
2005-03-10 19:45:03 UTC
Permalink
I will see what I can find out.
--
Thanks,

Kevin Beares
MOM Community PM

This posting is provided "AS IS" with no warranties, and confers no rights.
OR if you wish to include a script sample in your post please add "Use of
included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm"
Post by epo
According to ms documentation, the mom action account needs to hve the right
to clear dns cache and start dns scavenging. I"m having trouble finding
where in the OS to set this ??
Manish Aggarwal [MSFT]
2005-03-10 20:09:00 UTC
Permalink
Hello,
Please see if the following helps:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_pro_ClearServerCache.asp

You are using a low pri account, and the deployment guide states you will
need additional rights and privileges. The above website states the
following:

To perform this procedure, you must be a member of the Administrators group
on the local computer, or you must have been delegated the appropriate
authority. If the computer is joined to a domain, members of the Domain
Admins group might be able to perform this procedure. As a security best
practice, consider using Run as to perform this procedure.

And pretty much the same thing for DNS scavenging.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_pro_StartManualScavenging.asp

Hope this helps,
Thanks!
Manish
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--
Post by epo
According to ms documentation, the mom action account needs to hve the right
to clear dns cache and start dns scavenging. I"m having trouble finding
where in the OS to set this ??
James Hedrick [MSFT]
2005-03-11 01:17:06 UTC
Permalink
It looks like this requires the action account to belong to the DNSAdmins
domain group
--
James Hedrick
Microsoft Operations Manager

This posting is provided "AS IS" with no warranties, and
confers no rights.
Post by Manish Aggarwal [MSFT]
Hello,
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_pro_ClearServerCache.asp
You are using a low pri account, and the deployment guide states you will
need additional rights and privileges. The above website states the
To perform this procedure, you must be a member of the Administrators
group on the local computer, or you must have been delegated the
appropriate authority. If the computer is joined to a domain, members of
the Domain Admins group might be able to perform this procedure. As a
security best practice, consider using Run as to perform this procedure.
And pretty much the same thing for DNS scavenging.
http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_DNS_pro_StartManualScavenging.asp
Hope this helps,
Thanks!
Manish
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--
Post by epo
According to ms documentation, the mom action account needs to hve the right
to clear dns cache and start dns scavenging. I"m having trouble finding
where in the OS to set this ??
Loading...