The Microsoft SCOM Service Accounts and Run As accounts must not be granted enterprise or domain level administrative privileges.

An XCCDF Rule

Details
Profiles

Description

The Microsoft SCOM privileged Run As accounts are used to execute work flow tasks on target endpoints. A SCOM Run As account must only have the level of privileges required to perform the defined SCOM actions. An account with full administrative at the domain or enterprise level could be used to breach security boundaries and compromise the endpoint.

ID: SV-237429r643933_rule
Version: SCOM-AC-000007
Severity: High
References: CCI-000213
Updated: 13 days ago

Remediation Templates

Remove the service accounts from these groups and grant appropriate permissions to them. SCOM service account permission documentation can be found at this link: https://kevinholman.com/2019/03/08/scom-2016-security-account-matrix/. Run As accounts that are not being used as SCOM service accounts should be configured to least privileges as well.

The Microsoft SCOM Service Accounts and Run As accounts must not be granted enterprise or domain level administrative privileges.

Description

Remediation Templates

A Manual Procedure