How Safe is ACC to be installed in AD & High Performance Servers
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-27-2024 07:26 AM
Dear Experts,
We are in the process of discovering the AD servers. However, it was brought to our notice on how much secure the ACC are whether it can be hacked or someone can login to the ServiceNow by impersonating an admin user and can use the credentials make changes in the config files of the ACC- I need to get some documentation which will help me to give answers to their questions regarding this. This is a bit urgent.
Regards
Nilanjan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2024 04:48 PM - edited 11-28-2024 04:48 PM
You have the option, actually the default, where the ACC service runs with a regular account named servicenow.
Security risks are much reduced in that case.
But the problem is with updates.
If the service is run with a limited, not-privileged account, it will not be able to self-update.
In this scenario some software management software will be needed on the server to do updates of the agent.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-28-2024 04:49 PM
Also the agent can be configured to utilize very little resources, so performance wise it can be configured so that it is harmless.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2024 02:55 AM
Thank you so much @-O- but when you say regular Service Account, what does that mean ?
The log on as a service account.. for MID server that we configure ??? We have sccm for updates...we have a package that is created for the same and we can upgrade everytime when we work have a new version for ACC. since these servers are AD I do not want much information to be updated just the relation ships.. some config parameters... thats it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2024 02:15 AM
By regular service account I mean an account under which the ACC service runs that does not have elevated/admin/system privileges on the local host.
While the same concept as with the MID service, the ACC service account has nothing to do with it.
If you want minimal information to be updated, you can create special check and policy for AD servers that only gather basic identity information, only "running" the check-discovery-basic Check Configuration.