Permissions for Clearwell Service Account for EV
Clearwell is being installed at an account I support. Symantec is doing the install, but they are having trouble with the account that gives Clearwell access to EV and I suppose the accounts that run services as well.
Do I just need to assign permissions to this account as stated below? Are all permissions needed like SQL?
The VSA must belong to the Local Administrators group on all Enterprise Vault servers
The installation script does this. Do I need to add these manually?
- Log on as a service
- Act as part of the operating system
- Debug programs
- Replace a process-level token
- Log on as a batch job
The VSA must have Full Control permissions (both NTFS and Share) on the PST Holding folder, and it is recommended that this folder be located on the Enterprise Vault server.
The VSA’s requirements in SQL Server
Note: Granting the sysadmin server role to the VSA covers all of the necessary permissions. Read on for the least-privilege requirements.
- The VSA must have a SQL login with the following permissions to the SQL server (instructions):
  - Server role: dbcreator
  - Server permission: View server state
- The VSA also requires the following rights on the msdb system database (instructions):
  - Select permissions on the sysjobs, sysjobschedules, sysjobservers, and sysjobsteps tables.
  - SQLAgentUserRole database role
The VSA’s requirements in Exchange
- The VSA requires full access to all mailboxes and public folders. Choose one of the following options:
  - For Exchange 2003 and earlier, grant the permissions manually using Exchange System Manager (instructions).
  - For Exchange 2007 and later, grant the permissions using the PowerShell script included on the Enterprise Vault media (instructions).
  - For any version of Exchange, grant the permissions manually using ADSIEdit (list of the required permissions).
- If archiving from Exchange 2010, the VSA is required to have its own mailbox with a custom Throttling Policy (instructions).
  (Note that the mailbox receiving this Throttling Policy is the mailbox associated with the VSA, not the EV System Mailbox discussed below. They are separate mailboxes.)
- In a multiple-domain environment, the VSA must be able to access all domains associated with any Exchange Servers that are to be archived (further details and examples).
- The VSA should not be a member of the built-in Exchange Organization Administrators group.
Thanks for any help
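
One way to check whether the five user rights listed in the post are actually assigned on an Enterprise Vault server is to export the local policy with `secedit /export /cfg rights.inf /areas USER_RIGHTS` and audit the `[Privilege Rights]` section. The script below is an added example, not part of the original post or of any Symantec tooling; the account name `EXAMPLE\svc-vsa`, its SID and the sample export are constructed.

```python
# Added example: audit a secedit USER_RIGHTS export for the five VSA rights.
REQUIRED_RIGHTS = {
    "SeServiceLogonRight": "Log on as a service",
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeDebugPrivilege": "Debug programs",
    "SeAssignPrimaryTokenPrivilege": "Replace a process-level token",
    "SeBatchLogonRight": "Log on as a batch job",
}

def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are exported with a leading '*'; account names are bare.
            rights[name.strip()] = {
                p.strip().lstrip("*").lower() for p in value.split(",") if p.strip()
            }
    return rights

def missing_rights(inf_text, principals):
    """Labels of required rights that none of `principals` holds.
    A right with no assignees is simply absent from the export."""
    held = parse_privilege_rights(inf_text)
    wanted = {p.lower() for p in principals}
    return [label for right, label in REQUIRED_RIGHTS.items()
            if not (held.get(right, set()) & wanted)]

# Constructed sample export; the account name and SID are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeDebugPrivilege = *S-1-5-32-544
SeBatchLogonRight = *S-1-5-32-544,*S-1-5-32-551,EXAMPLE\\svc-vsa
"""
VSA = ["S-1-5-21-1111111111-2222222222-3333333333-1105", "EXAMPLE\\svc-vsa"]
ADMINISTRATORS = "S-1-5-32-544"  # rights can also arrive via group membership

if __name__ == "__main__":
    for label in missing_rights(SAMPLE_INF, VSA + [ADMINISTRATORS]):
        print("missing:", label)
```

Passing the Administrators SID alongside the account matters because "Debug programs" is usually held through that group rather than granted to the account directly. A real export is normally UTF-16, so read it with `encoding="utf-16"`.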