I understand that STAS is watching the Security log on a DC from a remote machine in order to map users to IP addresses. Typically, you have to be a member of Administrators to read the Security log. On a DC, that means you have to be a member of Domain Admins. Using a Domain Admin account for a service account is a security worst practice.
I was unable to locate any documentation on Sophos web site for creating a service account that had only the minimal permissions needed for this, but I found that Juniper has recommendations for their equivalent for STAS that sounds like it could work for STAS--
If I do steps 1-5 in that article, will that provide the permissions needed for a STAS service account? Will Sophos consider writing a similar article for their KB?
Thanks!
This thread was automatically locked due to age.