I have a corporate Inventory application installed on Windows Server 2008 R2 and I need to deploy some Agents to Windows 7 Desktops.
This app requires having access to C$ and Admin$ in the Desktops, from the Server. Also the agent is installed in C:\Windows\ from a BAT Script but can be installed in C:\ or Program Files too. The agent also comes with a Service related with the processes
being executed when the agent is running.
Usually I can deploy the agents from the server using Local (Desktop) or Domain Admin Account, but this time our AD Admin told me he can't provide that kind of access. It has to be a non-Admin account. When I ask him what is the right permission / mapping
I should have to request to Security team in order to install the agents, he doesn't know! (It seems is not a legit AD Admin ¬¬)
In Windows 2003 I used to mitigate that scenario by requesting Power Users to our AD Admin, but that permission is not able in Windows 2008. What kind of permissions do I need to request in the Windows Server 2008 R2 account, for viewing Admin Shares in
the Desktops and installing the agent remotely? Also I understand User Access Control (UAC) plays some role here (I don't know if I have to request disabling UAC in the Desktops for installing the agent, for instance)
Based on my tests on Windows Server 2008 machines, I can only use Domain Admin account to access admin$ file on a domain controller.
After I input the admin share’s path, I was asked to input credentials to connect to the DC, if I input a domain user’s credentials, then a
logon unsuccessful error message appears, even after I granted read permission on the C drive of the DC.
Microsoft is conducting an online survey to understand your opinion of the Technet Web site. If you choose to participate, the online survey will be presented to you when you leave the Technet Web site.