The Microsoft SCOM Service Accounts and Run As accounts must not be granted enterprise or domain level administrative privileges.

An XCCDF Rule

Description

The Microsoft SCOM privileged Run As accounts are used to execute workflow tasks on target endpoints. A SCOM Run As account must have only the level of privileges required to perform the defined SCOM actions. An account with full administrative privileges at the domain or enterprise level could be used to breach security boundaries and compromise the endpoint.

ID
SV-237429r643933_rule
Version
SCOM-AC-000007
Severity
High
References
Updated

Remediation Templates

A Manual Procedure

Remove the SCOM service accounts and Run As accounts from the Domain Admins and Enterprise Admins groups and grant them only the permissions they require. SCOM service account permission documentation can be found at this link: https://kevinholman.com/2019/03/08/scom-2016-security-account-matrix/. Run As accounts that are not being used as SCOM service accounts should be configured with least privilege as well.
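As an added check that is not part of the STIG rule text, the following PowerShell lists which SCOM service and Run As accounts hold Domain Admins or Enterprise Admins membership, including membership inherited through nested groups. It assumes the ActiveDirectory module (RSAT) is installed and that the account names in $ScomAccounts are replaced with the ones used in your SCOM deployment; the names shown are constructed placeholders.

```powershell
# Added example (not part of the STIG rule or SCOM product code): report SCOM service
# and Run As accounts that are members of Domain Admins or Enterprise Admins.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined host with read access to AD.
Import-Module ActiveDirectory

# Constructed placeholder list; replace with the SAM account names of the SCOM
# service accounts (action, SDK/DAS, data warehouse) and privileged Run As accounts.
$ScomAccounts = @('svc-scom-action', 'svc-scom-das', 'svc-scom-dw-read', 'svc-scom-dw-write')

# Domain Admins is per domain; Enterprise Admins exists only in the forest root domain,
# so run this from (or point -Server at) the root domain to evaluate that group.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins')

$Findings = foreach ($Group in $PrivilegedGroups) {
    # -Recursive expands nested groups, so an account that is an administrator only
    # through a group nested inside the admin group is still reported.
    $Members = Get-ADGroupMember -Identity $Group -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        Select-Object -ExpandProperty SamAccountName

    foreach ($Account in $ScomAccounts) {
        if ($Members -contains $Account) {
            [PSCustomObject]@{ Account = $Account; PrivilegedGroup = $Group }
        }
    }
}

if ($Findings) {
    Write-Output 'Finding: SCOM accounts with domain or enterprise administrative membership:'
    $Findings | Format-Table -AutoSize
} else {
    Write-Output 'No SCOM accounts found in Domain Admins or Enterprise Admins.'
}
```

Any account reported here is a finding for this rule; remove it from the group and grant the specific rights from the linked account matrix instead.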