Noob question

(imported topic written by mistervernon91)

Is it necessary that the BigFix Admin/service account be a member of the Active Directory Domain Admin group if we plan on using a local software distribution tool (e.g. Altiris) to install the agent to our workstations? (e.g… what is the least privileged Active Directory user login that the BigFix Admin can be)

I do understand that it is essential that the BigFix Admin/service account have local Admin privileges on the BF server box; and have the DBOwner role on the (remote) database instance.

Thanks.

(imported comment written by cstoneba)

Your BigFix Admin account does not need to be a domain admin (just an admin on your BigFix Server and DBOwner, like you said). The BESClient.exe process that runs on your endpoints runs as the local system account, so that is how it gets “admin” rights.

(imported comment written by mistervernon91)

Thanks for such a quick response. That was extremely helpful.