No, domain administrator credentials are not required. Movere only requires an account with local administrator privileges on the Windows device(s) the console is being run from and devices being targeted. While many customers use credentials that are a member of the domain administrators group, this level access is not required. If the device being targeted does not have a local administrator account that can be leveraged, then domain administrator credentials can be used or a dedicated Movere service account created and added to the Local Administrators Group on each targeted endpoint using Active Directory Group Policy. We recommend using a dedicated service account to avoid locking out the administrators account when a scheduled scan fails to start after they reset their password.
Articles in this section
- Movere Access Tooling
- Scheduling a Windows Rescan
- ARC Scanning Windows Manually
- Terminating a Windows ARC Scan
- Testing Windows 443 Connectivity
- Running Movere Without Domain Administrator Privileges
- Scanning a Windows Subnet
- Uploading ARC Payloads via the Console
- Does Movere query the Windows Common Information Model?
- Does Movere query the Windows registry?