Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Register now to learn Fabric in free live sessions led by the best Microsoft experts. From Apr 16 to May 9, in English and Spanish.

Reply
MMartin
Frequent Visitor

Security of Local Administrator view all Report Server

‎11-21-2019 01:42 AM

A user who is not registered in the Power Bi Server product, or in the "Site Configuration" section, or in the "Administration" section of any folder. That is, in the face of the Power Bi Server product it does not exist. No one has given him access to enter and see.
Therefore it has no user on the platform or in the root / home folder or in another folder.

When you pass the link of the Power BI Report Server platform, you see EVERYTHING. Folders, subfolders, reports etc ...

Trying to find out what was happening, we see that this user is "Domain Admin" of the local domain where this server is and also is "Local Administrator" of the server where this product is installed.

Is there any way to fix this?

Message 1 of 2
1,005 Views
0
1 REPLY 1
d_gosbell
Super User
Super User

‎11-21-2019 04:01 PM

Under the gear menu in the top right of the portal you will find Site Settings and in the security section I think you will find that Builtin\Administrators is added as a System Administrator. You could try removing this (making sure to add yourself or other appropriate users or groups first). I can't remember if this gives view access by default. The other way they might get access is through a group being added to the security settings of your folders. It could even be a group nested inside another group. So you may not see the individual name added directly.

 

The other consideration here is that this user should probably not be using such a high priviledged account for day to day activities like running reports. At our work we have secondary "admin" accounts for doing IT admin work. So I log in to my PC with my normal account which has no special rights on the domain or any server. Then if I need to do admin work on a server I remote desktop to that server using my special "admin" account. In this way if my machine gets a virus or my account gets hacked the attacker cannot comprimise the domain or any of the servers.

Message 2 of 2
948 Views
0

Helpful resources

Announcements
Microsoft Fabric Learn Together

Microsoft Fabric Learn Together

Covering the world! 9:00-10:30 AM Sydney, 4:00-5:30 PM CET (Paris/Berlin), 7:00-8:30 PM Mexico City

PBI_APRIL_CAROUSEL1

Power BI Monthly Update - April 2024

Check out the April 2024 Power BI update to learn about new features.

April Fabric Community Update

Fabric Community Update - April 2024

Find out what's new and trending in the Fabric Community.

View All