Endpoint Protection

 View Only

  • 1.  Service Accounts In Installing SEP 12

    Posted Apr 12, 2013 03:55 PM

    I have been integrated into Symantec through implementing Altiris (Endpoint Management).  Utilizing best practice, I know that the service account has administrator rights, not only to the NS (Altiris server), but administrator rights to all the nodes the Altiris Agent is going to be installed on.  Utilizing Microsoft SQL, the account for the DB has to have DBO rights.  It has always been suggested that the Altiris Service Account and the DBO account for SQL be the same account to make the installation a bit easier.

    I'm now getting doctrinated into Endpoint Protection.  Understanding best practice, the SQL account is a DBO, and the SEP Service Account has administrator rights to the SEPM server and all nodes receiving the SEP clients.  Is it also recommended that the two accounts, SQL and SEP service, be the same to make the installation, again, "easier'???   I, remember working with a SEP consultant on a different project a while back, and he suggested that when installing SEPM that the account used be the same DBO account.

    Recommendations?  Suggestions?  Solution. 



  • 2.  RE: Service Accounts In Installing SEP 12

    Posted Apr 12, 2013 04:16 PM

    Hi Ra.moddy !

    Indeed what you've heard from the consultant is true.

    In addition I would suggest to have a look on the arcticles below:

     

    SEPM 12.1 Fresh install with SQL database - graphical overview
    http://www.symantec.com/docs/TECH169451

    Best Practices to Backing up a Microsoft SQL Database on Demand from the Symantec Endpoint Protection Manager Console
    http://www.symantec.com/docs/TECH96409

    Best Practices guide for Installing the Symantec Endpoint Protection Manager with a SQL Server 2005 Database
    http://www.symantec.com/docs/TECH104405

    Best Practices guide for Installing the Symantec Endpoint Protection Manager 11 RU5 with a SQL Server 2008 Database
    http://www.symantec.com/docs/TECH96451

    Best Practices guide for moving the Symantec Endpoint Protection Manager SQL Server database from one drive to another on the same machine'
    http://www.symantec.com/docs/TECH106213

    Best Practices guide to moving the Symantec Endpoint Protection Manager SQL Server database from an existing SQL Server database to a new SQL Server database
    http://www.symantec.com/docs/TECH104723

    I hope that helps.

    Cheers!

    Drl



  • 3.  RE: Service Accounts In Installing SEP 12

    Posted Apr 12, 2013 06:09 PM

    Okay Dru.. I read the docs, but I want to be clear, because I have to take my recommendations and request to the Active Directory Team & the SQL DBA when making the account request.

    When requesting an account to install SEP 12 with Microsoft SQL on an "Off-Box", that account should have administrator rights (for access to SEPM server and all nodes) and be a DBO rights to the SQL DB on the SQL server?

    Is there an article that recognize that, because I don't want my justification to be, "for some reason, you have to install SEPM with the SQL DBO account."



  • 4.  RE: Service Accounts In Installing SEP 12

    Posted Apr 13, 2013 12:56 AM

    as per this document it says " Ensure that you have an Administrator account that has "sysadmin" privileges on the SQL server in order to create the database. 


     

    The the new account for the  DBO should have following access.

     Db_datareader
    • Db_datawriter
    • Db_owner
    • Public

     

    http://webcache.googleusercontent.com/search?q=cache:l8VGbVEpM4cJ:www.symantec.com/business/support/index%3Fpage%3Dcontent%26id%3DHOWTO36029+&cd=1&hl=en&ct=clnk&gl=in



  • 5.  RE: Service Accounts In Installing SEP 12

    Posted Jul 16, 2013 10:02 AM

    Granting DB_OWNER + datareader,datawriter,&public is redundant, those are all permissions DB_OWNER grants..