Account Permissions
The following is a list of all the permissions the service account running the Gatekeeper requires:
Permissions | Object |
---|---|
Domain Administrators - Full control; System - Full control; Authenticated users - Read | "CN=SpecopsAuthentication,CN=Specops,CN=System,DC=acme,DC=org" (recursively) |
No inherited permissions; Specops Authentication Gatekeepers - Full control; Domain Administrators - Full control; System - Full control | "CN=SystemData,CN=SpecopsAuthentication,CN=Specops,CN=System,DC=acme,DC=org" |
Create and Delete | classStore objects beneath user objects |
Read | |
Change and Reset Password | User objects |
Unlock account | User objects |
Change password at next logon | User objects |
List child objects | User objects |
Write | Mobile attribute on user objects. This allows users to enroll by entering their mobile number when the administrator has not already set it in Active Directory. |
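
The PowerShell below is an added example, not part of the Specops documentation: it audits the SystemData container's ACL against the row in the table above (no inherited permissions, Full control for exactly three principals). It assumes the RSAT ActiveDirectory module, the page's sample domain `DC=acme,DC=org`, and that "Domain Administrators" corresponds to the built-in `Domain Admins` group.

```powershell
# Added example: audit the SystemData container ACL against the documented row.
# Assumptions: RSAT ActiveDirectory module is installed; the DN uses the page's
# sample domain; principals are matched by name pattern because the page gives
# display names rather than exact account names.
Import-Module ActiveDirectory

$dn = 'CN=SystemData,CN=SpecopsAuthentication,CN=Specops,CN=System,DC=acme,DC=org'

# Patterns for the three principals the table lists with Full control.
$expected = @(
    '\\Specops Authentication Gatekeepers$',
    '\\Domain Admins$',            # assumed name for "Domain Administrators"
    '^NT AUTHORITY\\SYSTEM$'
)

$acl = Get-Acl -Path "AD:\$dn"
$findings = @()

# "No inherited permissions": the DACL must be protected from inheritance.
if (-not $acl.AreAccessRulesProtected) {
    $findings += 'Inheritance is enabled on SystemData'
}

# Flag inherited ACEs and Allow ACEs for principals the table does not list.
foreach ($ace in $acl.Access) {
    $who = $ace.IdentityReference.Value
    $known = $false
    foreach ($p in $expected) { if ($who -match $p) { $known = $true } }
    if ($ace.IsInherited) {
        $findings += "Inherited ACE for $who"
    } elseif (-not $known -and $ace.AccessControlType -eq 'Allow') {
        $findings += "Unexpected Allow ACE: $who ($($ace.ActiveDirectoryRights))"
    }
}

# Each expected principal should hold GenericAll (shown as Full control).
foreach ($p in $expected) {
    $full = $acl.Access | Where-Object {
        $_.IdentityReference.Value -match $p -and
        $_.AccessControlType -eq 'Allow' -and
        $_.ActiveDirectoryRights -eq [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
    }
    if (-not $full) { $findings += "Missing Full control for pattern $p" }
}

if ($findings) { $findings } else { 'SystemData ACL matches the documented permissions' }
```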