Jump to content

Recommended Posts

Posted

Hello,

We're redoing our permissions for our services to ensure best security practice and I would like to know what minimum permissions are required for the ESET ERA Server service accounts?

 

  • ESET HTTP Server
  • ESET RA HTTP Server
  • ESET Remote Administrator Server
  • ESET Service
  • ESET SHA Server

Some material says to give Domain Administrator permissions but this is too broad.

 

We have a SCCM instance so endpoint installations will not be using ESET ERA push installations.

 

Regards,

Posted

Hello Staj,

 

If the Remote Administrator (ERA) Server services are configured to use a service account, the service account will need the following permissions:

  • Write permission to Program Files\ESET folder
  • Read/write permission to ProgramData\ESET folder
  • Network access rights
  • Read/write permission to ESET’s HKLM registry
  • Read/write permission for ERA database (either on local system or external database)

Thank you,

ChadH

Posted (edited)

Hello ChadH,

Do these services support Managed Service Accounts (MSAs)? It seems odd that Program Files\ESET only has write permissions? This is my Powershell script so far:

<# ESET Configuration for Environment #>
$ESETServiceAccount = "DOMAIN\exampleuser"
$ESETInstallationDirectory = "%PROGRAMFILES(X86)%\ESET"
$ESETDataDirectory = "%PROGRAMDATA%\ESET"
$ESETRegistryBranch = "HKLM:\"

<# Add NTFS Permissions for ESET Service Account #>
$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule( `
    $ESETServiceAccount, "Write", "Allow" `
)
$ACL = Get-Acl $ESETInstallationDirectory
$ACL.AddAccessRule($Rule)

$Rule = New-Object System.Security.AccessControl.FileSystemAccessRule( `
    $ESETServiceAccount, "Read, Write", "Allow" `
)
$ACL = Get-Acl $ESETDataDirectory
$ACL.AddAccessRule($Rule)


<# Add Registry Rermissions for ESET Service Account #>
$ACL = Get-Acl $ESETRegistryBranch
$Rule = New-Object System.Security.AccessControl.RegistryAccessRule( `
    $ESETServiceAccount, "ReadKey, WriteKey", "Allow" `
)
$ACL.AddAccessRule($Rule)

Regards,

Edited by Staj
  • ESET Support
Posted (edited)

Hello Staj,

 

Some additional information is necessary from your environment to continue troubleshooting your issue. I've sent you a PM with more details. I'll wait for your response.

 

Thank you!

Edited by tmartinez
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...