The question is about the Check Point Identity Awareness Software Blade and AD Query. This allows our firewall to identify the users of network traffic. We use WMI events from the Domain Controllers for that. The standard procedure is to create a user with Domain Administrator rights.
Because we do not want this specific account to have domain administrator privileges, we would like to follow the procedure described in the Check Point Knowledgebase: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk43874
I am really unsure if we should do that. I cannot estimate the risk that this procedure poses.
What do you think about it?