1 Reply Latest reply on Apr 29, 2015 2:49 AM by scottl

    Analysis Service

    Expert
      We're running the analysis service to gather what applications are running on devices where users have local admin rights.
      Now, initially, this was going to be used to identify what apps are running using elevated rights, but this is useless if they are a local admin, so we're just logging the data and sifting through it manually.

      From there, we will decide whether anything should be elevated or not.

      Now, we provisioned a box to handle the data from 30000 endpoints. Unfortunately it appears none of the .config files (or anything configurable) for that matter allows me to change the drive path for the SQLite DB.

      Are there any methods of changing this that are supported?
      We have a nice dedicated drive waiting for it, except its chewing up our systemdrive space.
        • 1. Re: Analysis Service
          scottl Rookie
          Apologies that this reply may be too late to help.

          1) The analysis service is designed to work when end-users are admins. It doesn't report all apps that are started elevated, it only reports the apps that carry out an operation that would otherwise fail if the app wasn't elevated. You may well see false positives though as quite a lot of apps are coded to try and perform unnecessary elevated operations.

          2) There is no supported method of relocating the database. I haven't tried this, but setting up a windows directory junction via the mklink command line tool to redirect access to the folder to your dedicated drive would probably work.