Comments (3)
> we need to disable "Generate New Windows logon Credentials"

Generating Windows credentials requires the compute.instances.setMetadata permission on the VM instance or the enclosing project. This permission is part of the Compute Instance Admin and a few other roles. If the VM has an attached service account, generating credentials additionally requires the iam.serviceAccounts.actAs permission on the service account or enclosing project. This permission is part of the Service Account User role.
If you want to make sure that users can't generate Windows credentials, make sure that you don't grant them these permissions/roles.
When you connect to a Windows VM using IAP Desktop and haven't configured any credentials yet, you typically see this dialog:
Before showing that dialog, IAP Desktop actually checks whether you have the compute.instances.setMetadata permission -- and if you don't, it won't even show the Generate new credentials option. I guess this is the behavior you're looking for?
> is there a way to make the SQL admin authentication as the default and disable the Windows authentication

You can disable SQL Server Windows authentication in the connection settings -- either for individual VMs, zones, or entire projects:
But this setting only applies to you, there's currently no way to disable the option for all users of a project.
from iap-desktop.
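A way to audit the permission requirement described in the comment above, as an added example that is not part of the original thread or of IAP Desktop: it lists which members of a project-level IAM policy hold the permissions needed to generate Windows credentials. The policy, member names and role-to-permission excerpt are constructed sample data, and the check assumes project-level bindings only (grants on the VM instance or service account itself are not covered).

```python
# Added example; all sample data below is constructed.
SET_METADATA = "compute.instances.setMetadata"
ACT_AS = "iam.serviceAccounts.actAs"

# Excerpt of role -> permissions. In practice, fill this from includedPermissions
# in `gcloud iam roles describe ROLE --format=json` for each role in the policy.
ROLE_PERMISSIONS = {
    "roles/compute.instanceAdmin.v1": {SET_METADATA, "compute.instances.get"},
    "roles/compute.viewer": {"compute.instances.get", "compute.instances.list"},
    "roles/iam.serviceAccountUser": {ACT_AS},
}

# Constructed policy in the shape of `gcloud projects get-iam-policy --format=json`.
SAMPLE_POLICY = {
    "bindings": [
        {"role": "roles/compute.instanceAdmin.v1",
         "members": ["user:alice@example.com", "user:bob@example.com"]},
        {"role": "roles/iam.serviceAccountUser",
         "members": ["user:alice@example.com"]},
        {"role": "roles/compute.viewer",
         "members": ["user:carol@example.com"]},
    ]
}


def effective_permissions(policy, role_permissions):
    """Return ({member: permissions}, roles that could not be resolved)."""
    granted, unresolved = {}, set()
    for binding in policy.get("bindings", []):
        perms = role_permissions.get(binding["role"])
        if perms is None:
            unresolved.add(binding["role"])  # e.g. a custom role: review by hand
            continue
        for member in binding.get("members", []):
            granted.setdefault(member, set()).update(perms)
    return granted, unresolved


def can_generate_credentials(policy, role_permissions, vm_has_service_account):
    """Members holding setMetadata, plus actAs when the VM has a service account."""
    required = {SET_METADATA} | ({ACT_AS} if vm_has_service_account else set())
    granted, unresolved = effective_permissions(policy, role_permissions)
    members = sorted(m for m, perms in granted.items() if required <= perms)
    return members, sorted(unresolved)
```

Any role reported as unresolved has to be expanded and added to the map before the member list can be trusted.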
Hi @jpassing,
Thanks for sharing the above.
Indeed, that's what I was looking for. I was mistakenly putting the Compute Instance Admin role; now, after changing it to Compute Viewer, it has the limited privileges.
Thanks for confirming, I'll close the issue then.