How to setup Database permissions

If you plan to use Microsoft Windows authentication with your SQL Server instance, you must provision a Microsoft Windows domain account before you install the Symantec Endpoint Encryption Management Server. If you use Microsoft SQL authentication, the installer automatically assigns these rights.

To set up the rights for the database access account:

1. Give the account read and write access to this registry folder: HKLM\Software\Symantec\Endpoint Encryption.
    
2. Give the account read and write access to the log directory. By default the log is stored at:
   
   C:\Program Files(x86)\Symantec\Symantec Endpoint Encryption Management Server\Services\Logs
    
3. Add the Microsoft Windows account in SQL Server login accounts and map it to the Symantec Endpoint Encryption database. It requires the db_datareader, db_datawriter, and public roles on the Symantec Endpoint Encryption database.
    
4. When you run the installer, in the Database Configuration tab you specify the Symantec Endpoint Encryption Management Server account's user name and password for database access through Windows Authentication.

Tip: In addition to the above permissions, the SQL Server service needs to have the proper permissions to be able to use with Symantec Endpoint Encryption.  Local Service will not be enough permissions for Symantec Endpoint Encryption. 

152737 - Minimum Database Permissions for Symantec Endpoint Encryption Administrators

161258 - User and System Accounts Required by Endpoint Encryption

178363 - How to: Set up Database Access Account Rights - Symantec Endpoint Encryption

179347 - HOW TO: Install Symantec Endpoint Encryption Management Server and the Manager on Standard Windows Operating System

174725 - Grant Additional Administrators Access to Endpoint Encryption Manager Server Console

220948 - Symantec Endpoint Encryption Management Server OR Symantec Endpoint Encryption Configuration Manager does not open properly