search cancel

What permissions are required for Data Center Security Server Advanced (DCSSA) service account on Windows?

book

Article ID: 174720

calendar_today

Updated On:

Products

Data Center Security Server Advanced

Issue/Introduction

You want to use a dedicated Service Account (SA) to run the Symantec Data Center Security Server Manager service instead of the default 'Local System' account.

In order for the service to function correctly, the Service Account requires specific privileges.

Environment

Customer environments where the use of a Service Account is mandated by a Security Policy.

Resolution

Based on internal testing, the following are the required Service Account properties:

Is DCS service account compatible with Group Managed Service Accounts (GMSA)? Yes
Local administrator rights required on the Management Server machine? Yes
Is used for ‘windows service, scheduled task, IIS, SQL 2012’? Yes
is used for any other service? Yes:

Symantec UMC Credential Service
Symantec UMC Telemetry Service


Password never expires ? Yes
Logon locally ? No
Logon interactively ‘RDP’ ? No
Logon as a service ? Yes
Logon as batch job ? Yes