Preventing unauthorized administrative access
In addition to assigning users to appropriate roles, it is important to prevent the unauthorized or inappropriate use of administrative access. What follows is an explanation of how an attacker can gain rights on Configuration Manager:
- An attacker can alter Configuration Manager security through Active Directory. Configuration Manager roles are assigned to Active Directory users and groups. Anyone who gains the requisite Active Directory privileges can add themselves to a group or can reset the password of a user account to get access to Configuration Manager.
- An attacker can alter Configuration Manager security by directly modifying a Role Based Administration (RBA) object in the site database.
- An attacker ...