I'm hoping someone can help with this query as a search of here and google hasnt produced the answer I am looking for.
We are deploying EPO 4.6.3 and require a user account to push install the agents. It will be a standard user with local admin rights (DC's will be installed manually). The question is what deeper rights can be restricted to make this account more secure?
We will be using a massive complex password (20 chars with Aa1! etc) but can we disable Interactive logon for this account and have no issues connecting to the clients and installing the Agent, or getting updates from UNC/FTP distributed repositories or superagents?
I would actually recommend you use a separate account for updating from UNC repositories - one that only has read permissions. With regard to the account used to install, it is only used for the install itself: once installed the agent will run as System, not the admin account.