Windows Server
Configuring the Veza integration for Windows Server
Overview
The Veza integration for Windows Server comprises an OAA package and a collection of .NET 8.0 applications. These tools discover metadata from a Windows Server host and forward it to a Veza instance. The application package comes as an MSI installer for deployment on Windows Server.
Components
The Veza Windows OAA application includes:
A service that discovers local groups, user accounts, services, and scheduled tasks within the Windows Server OS.
A service to detect Active Directory filesystem permissions on SMB file shares.
A GUI application for configuring discovery services and setting up the Veza connection.
Prerequisites
Windows Server 2012 R2 or newer.
You will need the installation program from Veza, available here
Windows Local Accounts
This service identifies local security principals on the Windows Server host. By default, it detects:
Local user accounts
Local groups
(Optional) Installed services
(Optional) Configured scheduled tasks
Properties
cannot_change_password: Indicates if the user's password can't be changed (boolean)
locked_out: Shows if the user account is locked out (boolean)
password_never_expires: Checks if the user's password is set to never expire (boolean)
password_not_required: Checks if the user doesn't need a password (boolean)
type *: Differentiates between local or active directory user accounts (string)
type *: Specifies if the group is local or associated with active directory (string)
path: Full path of the scheduled task (string)
state: Current state: Ready, Running, Disabled, etc. (string)
service_account_name: Account used to run the service (string)
start_type: Start type: Automatic, Manual, etc. (string)
status: Current status: Running, Stopped, etc. (string)
Note (*): Local groups on Windows Server can contain both Active Directory subgroups and local user accounts. The type property distinguishes between the two entities.
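To review on the host itself what the attributes listed above will expose, the following read-only PowerShell is an added example (not part of the Veza package or documentation). It assumes the listed properties correspond to the standard Win32_UserAccount, Win32_Service and scheduled task fields shown in the comments; the filter choices at the end are illustrative.

```powershell
# Added example, not Veza code: read-only local cross-check of the attributes above.
# Assumption: the Win32 fields used here correspond to Veza's property names.

# Local user accounts (Win32_UserAccount restricted to accounts defined on this host)
$users = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object {
        [pscustomobject]@{
            name                   = $_.Name
            cannot_change_password = -not $_.PasswordChangeable
            locked_out             = [bool]$_.Lockout
            password_never_expires = -not $_.PasswordExpires
            password_not_required  = -not $_.PasswordRequired
        }
    }

# Installed services. Win32_Service reports StartMode as "Auto" rather than "Automatic".
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name,
        @{ Name = 'service_account_name'; Expression = { $_.StartName } },
        @{ Name = 'start_type';           Expression = { $_.StartMode } },
        @{ Name = 'status';               Expression = { $_.State } }

# Scheduled tasks: full path is the folder path plus the task name
$tasks = Get-ScheduledTask |
    Select-Object @{ Name = 'path';  Expression = { $_.TaskPath + $_.TaskName } },
                  @{ Name = 'state'; Expression = { [string]$_.State } }

# Review candidates: weak password settings on local accounts
$users |
    Where-Object { $_.password_not_required -or $_.password_never_expires } |
    Format-Table -AutoSize

# Review candidates: services running under a named account instead of a
# built-in or virtual service identity
$services |
    Where-Object {
        $_.service_account_name -and
        $_.service_account_name -notmatch '^(LocalSystem|NT (AUTHORITY|SERVICE)\\)'
    } |
    Format-Table -AutoSize

# Scheduled tasks that are not disabled
$tasks | Where-Object { $_.state -ne 'Disabled' } | Sort-Object path | Format-Table -AutoSize
```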
Windows Files
This service discovers filesystem permissions for specified paths and subdirectories based on the set depth. It primarily identifies:
Filesystem paths
Active Directory users and groups with permissions on each path
Permission inheritance
Limitations
Designed for SMB file shares utilizing Active Directory permissions.
Metadata from security principals that do not correlate to Active Directory users or groups is omitted before sending data to Veza.
Setup and Configuration
Veza Setup
Note down your Veza tenant URL.
Produce an API key: Navigate to Administration > API Keys > Add New API Key.
Installation
Run the Veza.msi installation program and follow the on-screen prompts. By default, the application installs in C:\Program Files\Veza.
Post-installation, open Veza Configuration from the Start menu.
Under the Veza API tab, input your Veza instance URL into Veza URL.
Paste the previously created API key into Veza API Key.
Click Apply.
To verify the successful connection, log in to Veza and open the Integrations page. You should see Windows Server enabled on the list of all integrations.
The installed “Veza for Windows” service needs to run with Administrative privileges.
Local Accounts
In Local Accounts, adjust settings as desired:
Enabled: Toggles discovery (check mark to enable discovery)
Discovery Interval: Sets interval between discovery runs (min: 60 minutes)
Include Services: Enables service discovery (optional)
Include Scheduled Tasks: Activates scheduled task data discovery (optional)
Files
In Folders, customize as needed:
Enabled: Toggles discovery
Discovery Interval: Time gap between discoveries (min: 120 minutes)
Discovery Threads: Sets concurrent discovery threads
Paths: Use Add Path to specify discovery paths
Advanced
Adjust the service's log level from the drop-down list. By default, logs are saved at C:\Program Files\Veza\Local Accounts\logs\VezaWindows.log and C:\Program Files\Veza\Folders\logs\VezaFiles.log.