|
Post by maarten on Sept 9, 2019 9:13:03 GMT
Can the AD authentication be used with a service account instead of asking the interactive user for login credentials? Like you can do with the MDT UDI wizard for instance?
I would not mind using the (restricted) rights of a service account to e.g. do the check for existing computername in AD. Instead of requiring the tech logon.
Is this possible currently? I looked over the manual but could not find anything that looked like that. Could it be added?
thanks
Maarten
|
|
|
Post by Jason on Sept 13, 2019 15:46:37 GMT
Can you expand a little bit more on what you want to achieve with this service account; i.e., if you aren't asking the user to authenticate, what's the point of having a service account at all? Just trying to understand what you are asking for and why.
|
|
|
Post by maarten on Sept 27, 2019 5:51:40 GMT
Well, you give us the option to configure access to AD but the technician needs to sign in with his credentials in order to get that to work. I don't want that login, I want to configure a service account (just to give it a name) so my UI++ wizard has access to AD, but without bothering my techies with logon requirements. I know that is less secure. I just wanted to check if it was possible or not.
|
|
|
Post by Jason on Oct 2, 2019 1:10:36 GMT
Technical possible? Sure. Something I would ever enable? No, for exactly the reason that you state: security. There simply is no way to securely store the password for use by UI++ (or any local process for that matter).
My suggestion here is to use a web service and the ExternalCall action to make a call to that web service to perform whatever check you would like. This moves that check and the storage of the necessary credentials to a server-side IIS application which can properly protect those credentials.
|
|