09-28-2010 11:34 PM
For security reasons, we'd like to disable the VSA from being used to logon to an EV-server. (deny interactive logon I believe). During install the VSA gets: the following advanced user rights: Log On As a Service, Act As Part Of The Operating System, Debug programs, Replace a process-level token.
It should not be necessary to be able to logon to a machine right? Only when I need to change Authorization, or change a specific setting I need the logon.
Thanks.
Gertjan
Solved! Go to Solution.
09-28-2010 11:49 PM
Gertjan
As far as I am aware you need the VSA for:
There could be others too, but thats just off the top of my head
To be on the safe side you could always DENY the VSA from TS. That would sort your issue out, just a thought.
09-28-2010 11:49 PM
Gertjan
As far as I am aware you need the VSA for:
There could be others too, but thats just off the top of my head
To be on the safe side you could always DENY the VSA from TS. That would sort your issue out, just a thought.
09-28-2010 11:57 PM
Hi,
Wayne is correct. You can either deny TS login, or you might deny interactive login as you stated. When ever you need to make changes you'll either have to walk to the server room to work, or remove the restrictions that you've applied. Which ever is easier ;)