Announcement

Collapse
No announcement yet.

Security regarding Communication client on Windows device (read: servers)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security regarding Communication client on Windows device (read: servers)

    Hi,
    The forum was offline this morning.
    Because off all the hacks around and earlier forum-breach, I was thinking:
    I'm the Itarian administrator/ main user for all my devices and can initiate scripts via the Communication client.
    Is there any other user higher than that on this platform who can initiate scripts?

    I ask this because the following:
    On all my servers I only have installed the Communication client. No CCS.
    I don't need the scripting or other automation for Itarian on those devices.

    So, in case of a hack, is it possible for an outsider to push or start scripts via CCC from another user than me?
    No higher level user from this Itarian platform?

    Is there a setting (or can it be implemented) so that no scripting is allowed on the Windows device?
    This would be very convenient for servers where you don't want anything runned or installed via the agent.

    Just an extra security setting for devices where you don't want scripting.

    Regards







  • #2
    Hello ailan

    You can control who can have the permission to run scripts over endpoints from the permissions section.

    Navigate to Users -> Role Management -> Choose a role -> Expand Configuration Templates -> turn off "configuration.procedures.execute" under "configurations.procedures" section

    Screenshot_21.png

    If you turn off this permission on all roles that you have, then it will guarantee that no one will be able to execute scripts on any endpoint from the portal.

    Best regards,
    Ilgaz

    Comment


    • #3
      Hi ilgazy

      Thanks for the explanation.

      I was aware of the permissions for my users.

      I only wanted to know if there are any other (higher level) users who can also initiate scripts?
      I am an admin for my account, by I can imagine that your internal admin, or the portal-/or system admin, is maybe higher than my account.
      Is it possible that, in case of breach, one of your (internal) admin accounts can initiate scripts on my devices?

      And second:
      Is there a setting that I can assign to a device so that no scripting is allowed? Not via user, but via a profile on device basis?

      Regards

      Comment

      Working...
      X