Permissions considerations for the Symantec Mail Security for Microsoft Exchange service account

Article:TECH123108  |  Created: 2010-01-09  |  Updated: 2014-05-06  |  Article URL http://www.symantec.com/docs/TECH123108
Article Type
Technical Solution


Issue



During installation on an Exchange server with the Exchange 2010 or 2013 Mailbox role, Symantec Mail Security for Microsoft Exchange (SMSMSE) prompts for a Windows service account.  The Windows service Symantec Mail Security for Microsoft Exchange is configured to run with this Windows account. What are the requirements for this user account?


Environment



  • Exchange 2010 or 2013 with the Mailbox role

Cause



In order to access some scanning features on an Exchange 2010 or 2013 mailbox server, SMSMSE must have a service account with appropriate rights.


Solution



When SMSMSE is installed on an Exchange 2010 or 2013 Mailbox Server a domain account is used as the service account running the Symantec Mail Security for Microsoft Exchange service.

NOTE:  It is possible to configure the service with a LOCAL SYSTEM account instead of a domain account.  See the following article for details: How to run the Symantec Mail Security for Microsoft Exchange (SMSMSE) service account as LOCAL SYSTEM instead of a Windows domain account on Exchange 2010 Mailbox role.

The domain user account requires the following rights for proper operation:

    • Member of the Active Directory Exchange Organization Management security group.
    • Member of the Administrators group on the computer where SMSMSE is installed.
    • Have Log on as a service right on the computer where SMSMSE is installed. This right should be assigned by the SMSMSE installer.
    • Have the Application Impersonation right. This right should also be assigned by the SMSMSE installer.
    • Member of the Active directory SMSMSE Admins security group.

References

The following documents detail the behavior that you are likely to see if these rights are not assigned and show how to assign the rights, if needed.

Technical Information

The SMSMSE Utility service runs under the Local System account.


 



Legacy ID



2010020915270354


Article URL http://www.symantec.com/docs/TECH123108


Terms of use for this information are found in Legal Notices