Security Information and Tips for ITMS
Article: HOWTO75157 | Created: 2012-04-30 | Updated: 2013-04-14 | Article URL: http://www.symantec.com/docs/HOWTO75157
SIM Credential – This is the user used to run the Symantec Installation Manager (SIM). This user must be a member of the Administrators group. Either a local or domain administrator will work.
App Identity Credential – This is the user context that the console and several other ITMS processes run under by default. It is highly recommended that a service account be created for the App Identity credential. The App Identity credential, as well as the Classic .NET and DefaultAppPool, needs to have the "Log on as a service" right.
Agent Connectivity Credential – This credential is used to download packages over UNC. By default, it is the same as the App Identity. However, it can be set up as a separate credential.
Package Access Credential – This credential is used by the Notification Server to access packages that are not on the local file system. By default, it is the same as the App Identity. However, it can be set up as a separate credential.
Database Access Credential – This credential is used to access and modify the database and requires db_owner rights on the Symantec_CMDB database.
There are two good ways to approach preparing for database setup.
1. Create an empty NS database before running SIM. (More secure)
a. The SQL administrator creates an empty NS database and then adds the Database Access Credential to the db_owner role.
b. This allows the SQL administrator to limit the abilities of the Database Access Credential to just the NS database.
2. The SQL administrator adds the Database Access Credential to the dbcreator role on the SQL server.
a. This allows the administrator installing SIM to provide the database name at install time.
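The two approaches, written out as T-SQL for the SQL administrator. This is an added example, not taken from the Symantec article. It assumes the Database Access Credential is a Windows domain account, and EXAMPLE\svc-itms-db is a placeholder name for it.

```sql
-- Option 1 (more secure): the SQL administrator runs this before SIM is started.
-- EXAMPLE\svc-itms-db is a placeholder for the Database Access Credential.
USE master;
GO
CREATE DATABASE [Symantec_CMDB];
GO
-- Server login only; no server-level role is granted.
CREATE LOGIN [EXAMPLE\svc-itms-db] FROM WINDOWS;
GO
USE [Symantec_CMDB];
GO
-- Map the login into the NS database and make it db_owner there and nowhere else.
CREATE USER [EXAMPLE\svc-itms-db] FOR LOGIN [EXAMPLE\svc-itms-db];
EXEC sp_addrolemember N'db_owner', N'EXAMPLE\svc-itms-db';
GO

-- Option 2: skip CREATE DATABASE and the db_owner mapping above and grant
-- the server-level dbcreator role instead, so that SIM can create the database
-- under a name chosen at install time. The account can then create databases
-- on this server, not only the NS database.
-- EXEC sp_addsrvrolemember N'EXAMPLE\svc-itms-db', N'dbcreator';

-- Check: list the server-level roles the account holds.
-- With option 1 the intent is that it holds none (public is not listed here).
USE master;
GO
SELECT r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.server_principals AS p ON p.principal_id = m.member_principal_id
WHERE p.name = N'EXAMPLE\svc-itms-db';
```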
Sometimes, you are required to assign the Symantec Administrator role to the Local Administrator user on the computer where you installed the IT Management Suite (ITMS) solutions. This step is required for performing additional tasks in your ITMS environment, such as upgrading to the latest version of ITMS. You use the Symantec Management Console to grant the Symantec Administrator role to a local administrator user account on the computer where the ITMS solutions are installed.
You can also check the following KB articles for further reference:
HOWTO32536 "What are the minimum rights requirements that SIM 7 looks for during an installation?"
HOWTO8320 "What SQL rights are needed for the application identity?"