cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 7
Report Inappropriate Content
Message 1 of 7

Does a user like scriptuser need to have Admin level 32?

I was told by one of the McAfee Engineer, that Scriptuser should have Admin level 32?. Is this really needed. What Admin rights should the scriptuser be provided (or not provided with). I'm concerned about any security implications that can arise by misuse of this user (though we has the password and save in the respective .ini file). Some somebody shed light on the permissions and admin levels pls.

Thanks

6 Replies
Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 2 of 7

Re: Does a user like scriptuser need to have Admin level 32?

The script user needs all the rights necessary to run the commands you are using - so it's not as simple as "it needs x,y,z" etc. It also needs a high enough admin level (obviously "1" is not going to cut it). For example, all machines are level 1 so if you have a script which only works with machines, a level 2 scriptuser may be sufficient.

It certainly does not need level 32, all rights though, but that certainly removes the problem of "permission denied".

The best thing to do is to test the commands you want to use with the .exe version of the API, and of course, to have proper error handling for permission issues.

Highlighted
Level 7
Report Inappropriate Content
Message 3 of 7

Re: Does a user like scriptuser need to have Admin level 32?

Thanks for the update. So If I have all the machines at admin level 1, support team at 10, admin at 32 and scriptuser at 31. Would that satisfy the security hierarchy. Are there any security implications with Scriptuser having 31 - admin level?. Some users have local admin previliges to laptop.

Highlighted
Reliable Contributor
Reliable Contributor
Report Inappropriate Content
Message 4 of 7

Re: Does a user like scriptuser need to have Admin level 32?

it means the scriptuser account will be able to modify any user account?

As I said above though, without analyzing what you are using the scriptuser for, who can tell?

Highlighted
Level 7
Report Inappropriate Content
Message 5 of 7

Re: Does a user like scriptuser need to have Admin level 32?

We predominently use scripts for password reset (for SSO), few scripts for creating machine groups, user groups, provision users (from a flat file - exported AD users), disable support ids.

Highlighted

Re: Does a user like scriptuser need to have Admin level 32?

Give regular users lower security levels. Then just use one notch higher for your scripting account.

But pay attention to permission sets for various tasks. Again, you just need to enable some permissions, only those that are neccessary for job to be done.

Run scripts on secured systems, or encrypt/compile your scripts to hide credentials.

Highlighted
Level 7
Report Inappropriate Content
Message 7 of 7

Re: Does a user like scriptuser need to have Admin level 32?

Thanks Simon & Peter.

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community