
Service Accounts In Installing SEP 12

Created: 12 Apr 2013 | 4 comments

I have been integrated into Symantec through implementing Altiris (Endpoint Management).  Utilizing best practice, I know that the service account has administrator rights, not only to the NS (Altiris server), but administrator rights to all the nodes the Altiris Agent is going to be installed on.  Utilizing Microsoft SQL, the account for the DB has to have DBO rights.  It has always been suggested that the Altiris Service Account and the DBO account for SQL be the same account to make the installation a bit easier.

I'm now getting indoctrinated into Endpoint Protection.  Understanding best practice, the SQL account is a DBO, and the SEP Service Account has administrator rights to the SEPM server and all nodes receiving the SEP clients.  Is it also recommended that the two accounts, SQL and SEP service, be the same to make the installation, again, "easier"?   I remember working with a SEP consultant on a different project a while back, and he suggested that when installing SEPM that the account used be the same DBO account.

Recommendations?  Suggestions?  Solution. 


Druzil's picture

Hi ra.moody!

Indeed what you've heard from the consultant is true.

In addition I would suggest having a look at the articles below:

SEPM 12.1 Fresh install with SQL database - graphical overview

Best Practices to Backing up a Microsoft SQL Database on Demand from the Symantec Endpoint Protection Manager Console

Best Practices guide for Installing the Symantec Endpoint Protection Manager with a SQL Server 2005 Database

Best Practices guide for Installing the Symantec Endpoint Protection Manager 11 RU5 with a SQL Server 2008 Database

Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine

Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database

I hope that helps.



ra.moody's picture

Okay Dru.. I read the docs, but I want to be clear, because I have to take my recommendations and request to the Active Directory Team & the SQL DBA when making the account request.

When requesting an account to install SEP 12 with Microsoft SQL on an "Off-Box", that account should have administrator rights (for access to SEPM server and all nodes) and have DBO rights to the SQL DB on the SQL server?

Is there an article that recognizes that, because I don't want my justification to be, "for some reason, you have to install SEPM with the SQL DBO account."

Rafeeq's picture

As per this document, it says: "Ensure that you have an Administrator account that has "sysadmin" privileges on the SQL server in order to create the database."

The new account for the DBO should have the following access.


• Db_datawriter

• Db_owner

• Public

_Ryan_'s picture

Granting DB_OWNER + datareader, datawriter, & public is redundant; those are all permissions DB_OWNER grants.
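
A query for checking the role assignments discussed in this thread before taking the request to the DBA, added here as an example and not part of any of the posts above. The database name and the account name are placeholders (assumptions), to be replaced with the values used in your environment.

```sql
-- Added example: audit the roles held by the SEPM database account.
-- Placeholders (assumptions, not from the thread): database and account names.
USE [SEPM_DATABASE_PLACEHOLDER];
GO

DECLARE @account sysname = N'DOMAIN\sepm_account_placeholder';

-- Explicit database role memberships of the account in this database.
-- Membership in "public" is implicit for every principal and is not
-- recorded in sys.database_role_members, so it never shows up here.
WITH memberships AS (
    SELECT m.name AS member_name,
           r.name AS role_name
    FROM sys.database_role_members AS drm
    JOIN sys.database_principals AS r
         ON r.principal_id = drm.role_principal_id
    JOIN sys.database_principals AS m
         ON m.principal_id = drm.member_principal_id
    WHERE m.name = @account
)
SELECT ms.member_name,
       ms.role_name,
       CASE
           -- db_owner already includes what these two roles grant,
           -- so an extra explicit membership adds nothing.
           WHEN ms.role_name IN (N'db_datareader', N'db_datawriter')
                AND EXISTS (SELECT 1
                            FROM memberships AS o
                            WHERE o.role_name = N'db_owner')
           THEN N'redundant: covered by db_owner'
           WHEN ms.role_name = N'db_owner'
           THEN N'required per the quoted document'
           ELSE N'review separately'
       END AS assessment
FROM memberships AS ms
ORDER BY ms.role_name;

-- Server-level check. The quoted document asks for sysadmin in order to
-- create the database; this shows whether the account holds it right now.
-- Returns 1 (member), 0 (not a member) or NULL (login or role not valid).
SELECT IS_SRVROLEMEMBER(N'sysadmin', @account) AS is_sysadmin;
```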