How to grant the minimum but necessary privileges to a user which is application maintainer on Windows Servers?

Donny Yuan 40 Reputation points
2023-05-23T00:42:57.3866667+00:00

The user should have the stop/start/modify/install/uninstall/upgrade specific application.

How to grant the minimum but necessary privileges to the user? Which groups or other control method?

Looking forward to the best answers.

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,595 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 44,101 Reputation points
    2023-05-23T11:07:55.6566667+00:00

    Hello,

    The minimum level of permissions will highly depend on the maintenance tasks. For instance: backup, start/stop services, access to system drive or just storage drives, network access or just local, domain permissions...

    All in all, you can review your tasks and needs, and apply the methodology of "Least-Privilege model as documented by Microsoft. The next article will explain the foundations of this security model, as well different GPO, Default groups, and other security like RBAC that can help you make a solid plan:

    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-least-privilege-administrative-models

    --If the reply is helpful, please Upvote and Accept as answer--

    0 comments No comments