GithubHelp home page GithubHelp logo

Comments (3)

jpassing avatar jpassing commented on June 15, 2024

we need to disable "Generate New Windows logon Credentials"

Generating Windows credentials requires the compute.instances.setMetadata permission on the VM instance or the enclosing project. This permission is part of the Compute Instance Admin and a few other roles. If the VM has an attached service account, generating credentials additionally requires the iam.serviceAccounts.actAs permission on the service account or enclosing project. This permission is part of the Service Account User role.

If want to make sure that users can't generate Windows credentials, make sure that you don't grant them these permissions/roles.

When you connect to a Windows VM using IAP Desktop and haven't configured any credentials yet, you typically see this dialog:

image

Before showing that dialog, IAP Desktop actually checks whether you have the the compute.instances.setMetadata permission -- and if you don't, it won't even show the Generate new credentials option. I guess this is the behavior you're looking for?

is there a way to make the SQL admin authentication as the default and disable the Windows authentication

You can disable SQL Server Windows authentication in the connection settings -- either for individual VMs, zones, or entire projects:

image

But this setting only applies to you, there's currently no way to disable the option for all users of a project.

from iap-desktop.

aymanelbacha avatar aymanelbacha commented on June 15, 2024

hi @jpassing,
Thanks for sharing the above.
Indeed that's what I was looking for, mistakenly putting the compute Instance Admin ROLE, now after changing it to Compute Viewer it has the limited privileges.

from iap-desktop.

jpassing avatar jpassing commented on June 15, 2024

Thanks for confirming, I'll close the issue then.

from iap-desktop.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.