elastic / elastic-agent

Elastic Agent - single, unified way to add monitoring for logs, metrics, and other types of data to a host.

Elastic Agent should create a virtual account on Windows in unprivileged mode #6089

Open strawgate opened 2 days ago

strawgate commented 2 days ago

Describe the enhancement: Right now in unprivileged mode, Elastic Agent creates a normal Windows user with a random password and then modifies local security policy to restrict login and prevent the password from expiring.

We should consider switching to creating a virtual account on Windows: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-service-accounts#virtual-accounts. Virtual accounts have no password, are not subject to local system password age or complexity restrictions, and cannot log in interactively, which would simplify administration.

I believe creating a virtual account is done automatically when a service is registered with no password and a username that starts with NT Service\, so this may be a bit simpler than our current approach.
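
What the proposal above would look like on a host, as an added example that is not part of the original issue or Elastic Agent's own code: a service is registered under a virtual account, its data directory is scoped to that account, and the result is checked. The service name `DemoAgentSvc` and both paths are hypothetical placeholders.

```powershell
#Requires -RunAsAdministrator
# Added illustration. $ServiceName, $BinaryPath and $DataDir are hypothetical placeholders.
$ServiceName = 'DemoAgentSvc'
$BinaryPath  = 'C:\DemoAgent\demo-agent.exe'   # no spaces, so no extra quoting is needed
$DataDir     = 'C:\DemoAgent\data'
$Account     = "NT SERVICE\$ServiceName"       # a virtual account is named after its service

function Invoke-Native {
    param([string]$Exe, [string[]]$Arguments)
    & $Exe @Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}

# 1. Register the service (not started), then switch its logon identity to the
#    virtual account. No password is supplied anywhere.
Invoke-Native 'sc.exe' @('create', $ServiceName, 'binPath=', $BinaryPath, 'start=', 'demand')
Invoke-Native 'sc.exe' @('config', $ServiceName, 'obj=', $Account)

# 2. Grant the virtual account modify rights on its own data directory only.
New-Item -ItemType Directory -Path $DataDir -Force | Out-Null
Invoke-Native 'icacls.exe' @($DataDir, '/grant', "${Account}:(OI)(CI)M")

# 3. Checks an administrator or auditor can run afterwards.
$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if ($svc.StartName -ne $Account) { throw "Unexpected logon account: $($svc.StartName)" }

# Service SIDs live under S-1-5-80; the account has no entry in the local user database.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
if ($sid -notlike 'S-1-5-80-*') { throw "Not a service SID: $sid" }
if (Get-LocalUser -Name $ServiceName -ErrorAction SilentlyContinue) {
    throw "A local user named $ServiceName exists; expected none"
}

"{0} runs as {1} ({2}); no local user or password to manage" -f $ServiceName, $svc.StartName, $sid
```

Clean up the demo with `sc.exe delete DemoAgentSvc` and by removing the data directory.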

elasticmachine commented 2 days ago

Pinging @elastic/elastic-agent-control-plane (Team:Elastic-Agent-Control-Plane)