Context:
- Enterprise IT environment
- 3000+ virtual machines running various editions of Windows Server (the clients)
- A vendor-specific application that uses WMI to query the Windows Servers for information, logs in to each server and runs PowerShell scripts.
- The application itself is a Windows service running on one specific VM (the service host), running as a domain user that has local administrator privileges across the domain (the service account)
Security Requirement:
- When the service account is used to log in to client systems, the login should only be authorised if the request came from the service host (identified by IP address or some other means),
i.e. if another computer uses the same username/password, the login should either be rejected or raise some kind of alert in the Windows Event Log that can be monitored.
Is this at all feasible?
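The alerting half of the requirement can be checked against the Security log of each client. The following is an added Python example, not code from the question or from the vendor product: it parses event ID 4624 (successful logon) records in the Windows Event Log XML format and flags any logon by the service account whose source IP is not the service host. The account name svc_app, the host IP 10.0.0.10 and the sample events are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Assumed names for this example (not from the question): the service account and the
# only host from which its logons are expected.
SERVICE_ACCOUNT = "svc_app"
SERVICE_HOST_IP = "10.0.0.10"
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

def parse_logon(xml_text):
    """Extract the fields of a Security event 4624 we need; None for any other event ID."""
    root = ET.fromstring(xml_text)
    if root.findtext("e:System/e:EventID", namespaces=NS) != "4624":
        return None
    data = {d.get("Name"): (d.text or "") for d in root.findall("e:EventData/e:Data", NS)}
    return {"user": data.get("TargetUserName", ""), "logon_type": data.get("LogonType", ""),
            "ip": data.get("IpAddress", ""), "workstation": data.get("WorkstationName", ""),
            "target": root.findtext("e:System/e:Computer", default="", namespaces=NS)}

def find_rogue_logons(events_xml, account=SERVICE_ACCOUNT, allowed_ips=(SERVICE_HOST_IP,)):
    """Return the 4624 events where `account` logged on from any source IP not in allowed_ips."""
    rogue = []
    for xml_text in events_xml:
        ev = parse_logon(xml_text)
        if ev is None or ev["user"].lower() != account.lower():
            continue
        if ev["ip"] not in allowed_ips:  # includes "-" / loopback, i.e. a local logon on the target
            rogue.append(ev)
    return rogue

# Constructed sample events: one expected network logon (type 3) from the service host,
def _event(user, ip, workstation, logon_type="3"):  # one from elsewhere, one unrelated user.
    return (
        '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">'
        "<System><EventID>4624</EventID><Computer>srv01.corp.example</Computer></System>"
        f'<EventData><Data Name="TargetUserName">{user}</Data>'
        f'<Data Name="LogonType">{logon_type}</Data>'
        f'<Data Name="WorkstationName">{workstation}</Data>'
        f'<Data Name="IpAddress">{ip}</Data></EventData></Event>'
    )

SAMPLE_EVENTS = [
    _event("svc_app", "10.0.0.10", "APPHOST"),
    _event("svc_app", "10.0.5.77", "WS-1234"),
    _event("jdoe", "10.0.5.77", "WS-1234", "10"),
]

if __name__ == "__main__":
    for ev in find_rogue_logons(SAMPLE_EVENTS):
        print(f"ALERT: {ev['user']} logged on to {ev['target']} from {ev['ip']} ({ev['workstation']}), logon type {ev['logon_type']}")
```

The same filter can be fed from real records exported with wevtutil or Get-WinEvent (each event's ToXml() output), or turned into a SIEM rule keyed on TargetUserName and IpAddress.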