Securing user accounts
Published: December 16, 2009
Applies To: Forefront Client Security
User access to Client Security can be divided into the following areas:
Client Security console access
MOM Operator console access
MOM Administrator console access
Report Manager access
It is recommended that you carefully control which users have access to these areas and assign each user to the role that provides the minimum permissions necessary for the user to perform required tasks.
Client Security administrative tasks can be assigned to a small set of roles. Based on each user's responsibilities, these roles divide access to the areas listed previously.
For a detailed discussion of Client Security user roles and minimum permissions required to fulfill each role, see Working with user roles (http://go.microsoft.com/fwlink/?LinkID=86555).
For information about user access for prerequisite software, see the following topics:
Managing Permissions and Security for Reporting Services (http://go.microsoft.com/fwlink/?LinkId=87123)
Access the WSUS Administration Console (http://go.microsoft.com/fwlink/?LinkId=87128)
To protect any user account, it is recommended that you use strong authentication credentials. If you use passwords to authenticate users accessing either console on the management server, be sure to follow best practices for creating strong passwords. For more information about creating strong passwords, see Strong Passwords (http://go.microsoft.com/fwlink/?LinkId=67007).