Windows 2008 R2 and Below
Liongard no longer supports Agents deployed on Windows Server versions 2008 R2 and below.
A Liongard Agent, whether in the cloud or installed on-premise, runs each Liongard inspection. Most inspection jobs require some form of authentication to the target system - see our Permissions & Authentication document for more details.
For inspection jobs that authenticate via Active Directory directly - inspectors like Active Directory, Windows Server, and SQL Server - our best practice is to run the On-premise Liongard Agent service itself as an Active Directory (or Windows) user from which it will derive its rights on the network.
First, we will create an Active Directory (or local Windows, if appropriate) service account.
- Create a user account called "LiongardAgent" (or follow your preferred naming convention) in Active Directory.
- Assign the account the appropriate permissions for the inspectors you wish to run.
Installing a Windows Agent with Least Privilege
To configure the Windows Agent with a lest privilege service account, follow our instructions here.
If not already completed, install the Liongard Agent on the server in question by following our Agent Deployment instructions.
- On the server in question, go to the Services control panel (i.e., services.msc)
- Right-click on the Liongard Agent service (Display name: "Liongard Agent") and click Properties.
- Navigate to the Log On tab and set the service to "Log on as this account" and fill in the "This account" details with the AD account created at the beginning of this article.
- Restart the service and verify that the service starts successfully and shows the desired service account in the "Log On As" column.
You have now configured your Liongard Agent to act as that user, and it will inherit the permissions to inspect both the local machine and other applications as services according to that user's permissions.
If the password associated with the user that the Liongard Agent is running as changes, the password will need to be updated by either editing the Properties of the service in the Windows Services Control Panel or updated via a script/RMM solution.
Updated 18 days ago