What permissions are required for Data Center Security Server Advanced (DCSSA) service account on Windows?
search cancel

What permissions are required for Data Center Security Server Advanced (DCSSA) service account on Windows?

book

Article ID: 174720

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

You want to use a dedicated Service Account (SA) to run the Symantec Data Center Security Server Manager service instead of the default 'Local System' account.

In order for the service to function correctly, the Service Account requires specific privileges.

Environment

Customer environments where the use of a Service Account is mandated by a Security Policy.

Resolution

Based on internal testing, the following are the required Service Account properties:

Is the DCS:SA service account compatible with the Group Managed Service Accounts (gMSA)? Yes*
Note: The DCS:SA services must be first installed for a standard Windows service account, and can then be switched to run as a gMSA.

Local administrator rights required on the Management Server machine? Yes
Is used for ‘windows service, scheduled task, IIS, SQL 2012’? Yes
is used for any other service? Yes:

Symantec UMC Credential Service
Symantec UMC Telemetry Service


Password never expires ? Yes
Logon locally ? No
Logon interactively ‘RDP’ ? No
Logon as a service ? Yes
Logon as batch job ? Yes

Note: The DCS:SA 6.10 Management Server service and the Communication Server service can be run as a gMSA only if you have configured the services to use gMSA after the DCS:SA 6.10 installation.

Powered by Wolken Software