

LUA for STAS service account

I understand that STAS is watching the Security log on a DC from a remote machine in order to map users to IP addresses. Typically, you have to be a member of Administrators to read the Security log. On a DC, that means you have to be a member of Domain Admins. Using a Domain Admin account for a service account is a security worst practice.

I was unable to locate any documentation on the Sophos website for creating a service account that had only the minimal permissions needed for this, but I found that Juniper has recommendations for their equivalent of STAS that sound like they could work for STAS:

https://kb.juniper.net/library/CUSTOMERSERVICE/GLOBAL_JTAC/nt291/Windows%202008_2012%20non-admin%20for%20event%20log%20query.pdf

If I do steps 1-5 in that article, will that provide the permissions needed for a STAS service account? Will Sophos consider writing a similar article for their KB?

Thanks!


