Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Running EVPM with account other than VSA

Created: 23 Aug 2013 • Updated: 23 Aug 2013 | 3 comments
STHN's picture
This issue has been solved. See solution.

Hi folks,

we have a customer here that wants to use an account to run EVPM other than the Vault Service Account.

I already told him several times that it is not supported but he's very keen on doing it.

I told him to grant the second account all permissions that are granted to the VSA, but it doesn't seem to work.

I didn't want him to run SetEVExchangePermissions.ps1 as I don't know what this script does besides granting permissions.

The customer is running EV 10.0.2 and Exchange 2010.

Is there any way to use any other account for EPVM than the VSA?

Does anyone know background about why you should only use the VSA?

Is the VSA affected by running SetEVExchangePermissions.ps1 for any other account?

Thanks in advance!

Comments 3 CommentsJump to latest comment

EdLacey's picture

In the Utilities guide - http://www.symantec.com/docs/DOC6599

It simply says "To ensure the correct permissions, run Policy Manager while you are logged on

as the vault service account"
Ben Watts's picture

Dont forget that the VSA has been given extra permissions during the install of EV:-

Logon as a service
Logon as a Batch file etc
See the following -  http://www.symantec.com/docs/TECH76700

So you need to ensure that they match like for like, plus the new account will need access to SQL and SQL tables (same as VSA) as well as Exchange Permissions if doing ANYTHING to the mailboxes.
I do not see the point of going through all of that simply to have another account with the exact same permissions as the VSA to do the same job, think you are on the right line, push to use the VSA.

Plus if the customer has issues with EVPM and is not running it with the VSA, if they call into Support the first thing we are going to tell them is to run it under the VSA account.

SOLUTION
STHN's picture

Hi Ben,

many thanks! I just had a conversation with the customer and he doesn't want to create another account with the same permission as the VSA.

Thank you and have a nice weekend (:

PMCS GmbH & Co. KG - Consulting und Support für Altiris/SEP/EV und andere Symantec Produkte.
Please take the time and mark this post as solution if it solved your problem - thanks!