Can anyone help with ‘best practice’ around having a centralized server that has access to an entire server estate via WinRM, the idea is that we can do reporting on the various elements of the estate and in general manage it this way.
My issue is how I correctly permission a user account that will be scheduled to run some of these reports, the reports themselves need WMI access etc. I’ve done a bit of reading up and as I don’t want to assign it the admin privilege, it looks like this could get complicated. Just wondering if there is someone out there who has been through this? Is it best to use constrained endpoints?