Hello,
I have been working with SCOM for 3 weeks now but I've got some confusions about the permissions of accounts used.
Here is my environnement:
-Local System is used for all Agent Action Account
-SCOM-MGT-AA domain account is used for Management Action Account
I have only 1 Management Server.
The thing is... I don't give permissions to SCOM-MGT-AA anywhere.
Does "SCOM-MGT-AA" communicate with managed computer ?
I read this:
"The mgmt server action account makes remote updates to agents and related admin actions easier".
So there is a kind of communication between the two ?
Do I need to give these rights on managed computer?
*Member of the local Users group
*Member of the local Performance Monitor Users group
*“Allow log on locally” permission (SetInteractiveLogonRight)
I'm trying to give only low privileged account. I don't want to use the "Administrators" group.
Moreover, I read that the "Data Access Account" should have the Administrator rights. Is that right ?
Well, as you can see, I need some advices...
Thank you for your time !