If you plan to use Microsoft Windows authentication with your SQL Server instance, you must provision a Microsoft Windows domain account before you install the Symantec Endpoint Encryption Management Server. If you use Microsoft SQL authentication, the installer automatically assigns these rights.
To set up the rights for the database access account:
- Give the account read and write access to this registry folder: HKLM\Software\Symantec\Endpoint Encryption.
- Give the account read and write access to the log directory. By default the log is stored at:
C:\Program Files(x86)\Symantec\Symantec Endpoint Encryption Management Server\Services\Logs
- Add the Microsoft Windows account in SQL Server login accounts and map it to the Symantec Endpoint Encryption database. It requires the db_datareader, db_datawriter, and public roles on the Symantec Endpoint Encryption database.
- When you run the installer, in the Database Configuration tab you specify the Symantec Endpoint Encryption Management Server account's user name and password for database access through Windows Authentication.
Tip: In addition to the above permissions, the SQL Server service needs to have the proper permissions to be able to use with Symantec Endpoint Encryption. Local Service will not be enough permissions for Symantec Endpoint Encryption.