Jump to content

What permissions are required for ESA

Recommended Posts

Dear ESET,

May I know if the ESA solution is customizable. e.g. My customer tried to install the trial version but it is asking for domain admin account. Can this be installed without using domain account as it is a very powerful account that is sealed.  They can only use a normal account with delegated access. What permissions are required.



Link to post
Share on other sites
3 hours ago, VladimirVladimir said:

Hi there

for ESA installation you need domain admin and schema admin. Schema admin is needed only initially (sometimes schema admin is included in the domain admin).

For more details please check product documentation: LINK



Thanks Vladimir,

Howerver if my customer can only use a normal account with delegated access, what permissions are required? 






Link to post
Share on other sites
  • 1 month later...
  • ESET Staff

You need to use an user which is in Domain Admins and Schema Admins groups.


  • you need to be able e.g. to extend schema, add DNS entry, create AD groups
    • as far as I know, these operations cannot be delegated (if you mean the Delegation of Control Wizard in ADUC) - or do you believe they can be delegated?
  • and that's why there are prerequisites in the installer which check specifically if you are in that groups - they do not check any delegation or actual permissions or ability to do the required operations

But, note that you do not have to use the default Administrator account created while installing the domain.
You can create a new arbitrary user and add that user (temporarily) to the Domain Admins and Schema Admins groups and use that user to install ESA.

To install additional components then (e.g. Windows Logins), you can use the NO_DOMAIN_ADMIN_MODE (while adding the computer accounts to EsaServices manually).

Link to post
Share on other sites
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...