Reference Material | Account Permissions

The following is a list of all the permissions the service account running the Gatekeeper requires:

| Permission | Scope |
| --- | --- |
| Local administrator | Gatekeeper computer |
| Service Connection Point | Gatekeeper computer |
| Create and Delete | classStore objects beneath user objects |
| Read | userAccountControl, msDS-User-Account-Control-Computed, displayName, mail, manager, mobile, objectGUID and sAMAccountName attributes on user objects |
| Change and Reset Password | User objects |
| Unlock account | User objects |
| Change password at next logon | User objects |
| List child objects | User objects |
| Write | Mobile attribute on user objects |

Note: The Write permission allows users to enroll by entering their mobile number when the administrator has not already set it in Active Directory.