Permissions required to run the Encryption Anywhere ADAM as a service

Article:TECH151310  |  Created: 2006-07-26  |  Updated: 2007-01-31  |  Article URL http://www.symantec.com/docs/TECH151310
Article Type
Technical Solution


Issue



Permissions required to run the Encryption Anywhere ADAM as a service

Solution



If you use the "Network Service" built-in account to install the ADAM instance (Under Service Account Selection page from ADAM setup) it has enough rights and permission to run ADAM successfully. By default it has "Log on as a service right" on member server.

If you choose to use a different account, you can add/view rights in the following way:
To add the "Log on as a service" right to an account for a Group Policy object, when you are on a workstation or server that is joined to a domain
1. Click Start, point to Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. In Add/Remove Snap-in, click Add, and then, in Add Standalone Snap-in, double-click Group Policy Object Editor.
4. In Select Group Policy Object, click Browse, browse to the Group Policy object (GPO) that you want to modify, click OK, and then click Finish.
5. Click Close, and then click OK.
6. In the console tree, click User Rights Assignment.
Where?
? GroupPolicyObject [ComputerName] Policy
? Computer Configuration
? Windows Settings
? Security Settings
? Local Policies
? User Rights Assignment
7. In the details pane, double-click Log on as a service.
8. If the security setting has not yet been defined, select the Define these policy settings check box.
9. Click Add User or Group, and then add the appropriate account to the list of accounts that possess the Log on as a service right.
Also to be able to create SCP in Active Directory under the computer object that represents the computer on which ADAM is running you have to check permissions on this container (Also by default "Network Service" account has enough rights to create SCP in AD). The "Read and Create All Child Objects" permissions have to be set. You can use "Active Directory Users and Computers" snap-in or ADSI Edit Snap-in. The domain rights are required. You can view this in "How to install and configure ADAM on DC.doc" for ADAM instances group (Pages 24,25 of the Encryption Anywhere Installation Guide)


Legacy ID



805


Article URL http://www.symantec.com/docs/TECH151310


Terms of use for this information are found in Legal Notices