"Required Active Directory Groups for ACC Service Account"
Question
The ACC service account must be a member of which two groups in the Active Directory to provide the minimum level of required access? (Choose two.)
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D. E.AC.
The ACC (Application Configuration Console) service account is a service account used by the VMware Workspace ONE Unified Endpoint Management (UEM) solution to perform certain administrative tasks. In order to provide the minimum level of required access, the ACC service account must be a member of two specific groups in the Active Directory.
The two groups that the ACC service account must be a member of are:
Event log readers: This group is used to grant read access to the event logs on the devices that are managed by the Workspace ONE UEM solution. The Workspace ONE UEM solution uses the event logs to track device activities and to generate reports. By adding the ACC service account to the Event log readers group, the solution can read the event logs and perform these administrative tasks.
Domain admin: This group is used to grant administrative privileges to the Workspace ONE UEM solution. By adding the ACC service account to the Domain admin group, the solution can perform a wide range of administrative tasks, such as creating and managing user accounts, managing domain policies, and modifying domain settings.
It is important to note that the Domain admin group should only be used if the minimum level of access is required. In general, it is recommended to follow the principle of least privilege and provide the ACC service account with only the necessary permissions to perform its required tasks.
Therefore, the correct answers to the question are:
B. Event log readers C. Domain admin
