Security regarding Communication client on Windows device (read: servers)

The forum was offline this morning.
Because off all the hacks around and earlier forum-breach, I was thinking:
I’m the Itarian administrator/ main user for all my devices and can initiate scripts via the Communication client.
Is there any other user higher than that on this platform who can initiate scripts?

I ask this because the following:
On all my servers I only have installed the Communication client. No CCS.
I don’t need the scripting or other automation for Itarian on those devices.

So, in case of a hack, is it possible for an outsider to push or start scripts via CCC from another user than me?
No higher level user from this Itarian platform?

Is there a setting (or can it be implemented) so that no scripting is allowed on the Windows device?
This would be very convenient for servers where you don’t want anything runned or installed via the agent.

Just an extra security setting for devices where you don’t want scripting.


Hello @ailan

You can control who can have the permission to run scripts over endpoints from the permissions section.

Navigate to Users -> Role Management -> Choose a role -> Expand Configuration Templates -> turn off “configuration.procedures.execute” under “configurations.procedures” section

If you turn off this permission on all roles that you have, then it will guarantee that no one will be able to execute scripts on any endpoint from the portal.

Best regards,

Hi @ilgazy

Thanks for the explanation.

I was aware of the permissions for my users.

I only wanted to know if there are any other (higher level) users who can also initiate scripts?
I am an admin for my account, by I can imagine that your internal admin, or the portal-/or system admin, is maybe higher than my account.
Is it possible that, in case of breach, one of your (internal) admin accounts can initiate scripts on my devices?

And second:
Is there a setting that I can assign to a device so that no scripting is allowed? Not via user, but via a profile on device basis?