Forum Discussion
Which we do... but from the collector itself, I'm required to explicitly run an elevated powershell session, even as a local admin with permissions to do so. Asking for an elevated shell should be reserved for specific cases of administration and should be easily auditable / alertable when they are done so. I live life wearing a tin-foil hat due to my jobs I've held in the past and the one I'm doing now. I don't control your servers, so I implicitly don't trust them (nothing against LM, just a security posture). As you're reaching into your customers' enterprise environments with the software, adding an escalation mechanism that would leverage the domain credentials and associated permissions to escalate sessions would be a welcome addition. That would then trigger events on the DC that are auditable and alertable for better security alerting.
Related Content
- 6 months ago
- 2 years ago
- 6 months agoAnonymous