12-18-2013 09:06 AM
I'm evaluating SiteScope to monitor a Windows environment (web/data/DC, etc...). My monitoring server is a domain machine. Should the SiteScope service run as a special domain account? Or, should I configure a "Credential Preference" against a unique account and have server access use the credential preference. Is one option more/less secure than the other. Knowing password rotation rules in Windows Server 2008/2012 what option is easiest to manage while remaining as secure as possible. If the SiteScope service starts as a domain account will it natively have visibility into all of the machines in the domain?
Any help would be greatly appreciated.
Solved! Go to Solution.
12-18-2013 09:10 AM
Here is explanation on why I prefer to use remotes connections instead use a service account:
We have observed Windows doesn’t handle connection properly over a period of time, when credentials are not passed. Mainly when cached connection is dead, and re-connect doesn’t work as expected. On the other hand, SiteScope asking Windows to re-connect using specific credentials works pretty well.
Second, Windows doesn’t handle the permission inheritance over a period of time, where-as SiteScope using Remotes passes the specific credentials and hence it is definitely can connect to remote.
Without Remotes, Connection gets the credentials/permission of the process Creating connection, which is nothing but SiteScope.exe and SiteScope.exe inherits the permission from SiteScope service, 3 level of permission inheritance. Hence, we have observed connection errors, especially when connections gets dropped and needs to reconnect and these errors sometimes refers to permission when Remotes are not being used. With Remotes, credentials are always passed and hence, there is no inheritance and if connection gets dropped, SiteScope will ask Widows to re-connect using specific permission.
Though it has been observed with several customer, with smaller installation, Service credentials work perfectly without any issue, but for customer, with large number of Remotes Servers being monitored, run into issues.
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.