jinlei801011 2 Posted August 23, 2017 Share Posted August 23, 2017 Dear ESET, May I know if the ESA solution is customizable. e.g. My customer tried to install the trial version but it is asking for domain admin account. Can this be installed without using domain account as it is a very powerful account that is sealed. They can only use a normal account with delegated access. What permissions are required. Thanks Jin Link to comment Share on other sites More sharing options...
ESET Staff VladimirVladimir 14 Posted August 23, 2017 ESET Staff Share Posted August 23, 2017 Hi there for ESA installation you need domain admin and schema admin. Schema admin is needed only initially (sometimes schema admin is included in the domain admin). For more details please check product documentation: LINK regards vladimir Link to comment Share on other sites More sharing options...
jinlei801011 2 Posted August 23, 2017 Author Share Posted August 23, 2017 3 hours ago, VladimirVladimir said: Hi there for ESA installation you need domain admin and schema admin. Schema admin is needed only initially (sometimes schema admin is included in the domain admin). For more details please check product documentation: LINK regards vladimir Thanks Vladimir, Howerver if my customer can only use a normal account with delegated access, what permissions are required? Thanks Jin Link to comment Share on other sites More sharing options...
ESET Staff VladimirVladimir 14 Posted October 4, 2017 ESET Staff Share Posted October 4, 2017 You need to use an user which is in Domain Admins and Schema Admins groups. Because: you need to be able e.g. to extend schema, add DNS entry, create AD groups as far as I know, these operations cannot be delegated (if you mean the Delegation of Control Wizard in ADUC) - or do you believe they can be delegated? and that's why there are prerequisites in the installer which check specifically if you are in that groups - they do not check any delegation or actual permissions or ability to do the required operations But, note that you do not have to use the default Administrator account created while installing the domain. You can create a new arbitrary user and add that user (temporarily) to the Domain Admins and Schema Admins groups and use that user to install ESA. To install additional components then (e.g. Windows Logins), you can use the NO_DOMAIN_ADMIN_MODE (while adding the computer accounts to EsaServices manually). Link to comment Share on other sites More sharing options...
Recommended Posts