cancel
Showing results for 
Search instead for 
Did you mean: 

Deny logon to server for VSA - possible?

GertjanA
Moderator
Moderator
Partner    VIP    Accredited Certified

For security reasons, we'd like to disable the VSA from being used to logon to an EV-server. (deny interactive logon I believe). During install the VSA gets: the following advanced user rights: Log On As a Service, Act As Part Of The Operating System, Debug programs, Replace a process-level token.

It should not be necessary to be able to logon to a machine right? Only when I need to change Authorization, or change a specific setting I need the logon.

Thanks.

Gertjan

Regards. Gertjan
1 ACCEPTED SOLUTION

Accepted Solutions

Wayne_Humphrey
Level 6
Partner Accredited Certified

Gertjan

As far as I am aware you need the VSA for:

  • Adding a service
  • Running EVSVR
  • Running Index Checker
  • Running Authorization Manager
  • Upgrading Enterprise Vault
  • Adding a new server

There could be others too, but thats just off the top of my head

To be on the safe side you could always DENY the VSA from TS. That would sort your issue out, just a thought.

View solution in original post

2 REPLIES 2

Wayne_Humphrey
Level 6
Partner Accredited Certified

Gertjan

As far as I am aware you need the VSA for:

  • Adding a service
  • Running EVSVR
  • Running Index Checker
  • Running Authorization Manager
  • Upgrading Enterprise Vault
  • Adding a new server

There could be others too, but thats just off the top of my head

To be on the safe side you could always DENY the VSA from TS. That would sort your issue out, just a thought.

RiaanBadenhorst
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi,

 

Wayne is correct. You can either deny TS login, or you might deny interactive login as you stated. When ever you need to make changes you'll either have to walk to the server room to work, or remove the restrictions that you've applied. Which ever is easier ;)