Jump to content

What permissions are required for ESA


Recommended Posts

Dear ESET,

May I know if the ESA solution is customizable. e.g. My customer tried to install the trial version but it is asking for domain admin account. Can this be installed without using domain account as it is a very powerful account that is sealed.  They can only use a normal account with delegated access. What permissions are required.

Thanks

Jin

Link to comment
Share on other sites

  • ESET Staff

Hi there

for ESA installation you need domain admin and schema admin. Schema admin is needed only initially (sometimes schema admin is included in the domain admin).

For more details please check product documentation: LINK

regards

vladimir

Link to comment
Share on other sites

3 hours ago, VladimirVladimir said:

Hi there

for ESA installation you need domain admin and schema admin. Schema admin is needed only initially (sometimes schema admin is included in the domain admin).

For more details please check product documentation: LINK

regards

vladimir

Thanks Vladimir,

Howerver if my customer can only use a normal account with delegated access, what permissions are required? 

 

Thanks

Jin

 

 

Link to comment
Share on other sites

  • 1 month later...
  • ESET Staff

You need to use an user which is in Domain Admins and Schema Admins groups.

Because:

  • you need to be able e.g. to extend schema, add DNS entry, create AD groups
    • as far as I know, these operations cannot be delegated (if you mean the Delegation of Control Wizard in ADUC) - or do you believe they can be delegated?
  • and that's why there are prerequisites in the installer which check specifically if you are in that groups - they do not check any delegation or actual permissions or ability to do the required operations

But, note that you do not have to use the default Administrator account created while installing the domain.
You can create a new arbitrary user and add that user (temporarily) to the Domain Admins and Schema Admins groups and use that user to install ESA.

To install additional components then (e.g. Windows Logins), you can use the NO_DOMAIN_ADMIN_MODE (while adding the computer accounts to EsaServices manually).

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...