This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Local Admin

We've recently had to remove the ARS svc account from the local admin of the server, but this causes the service account to fail with an access denied. If there a minimum amount of granular perms required to offset the need for a local admin? thanks!

Parents

0 ssathue over 8 years ago

Perhaps I'm confused prior to my morning coffee...

Is not the ARS admin service account a Domain Admin and, therefore, would have permission to the entire domain regardless of where the ARS service were installed? Further, unless you go out of your way to complicate things, Domain Admins would already be a member of the ARS server's "Administrators" group.

That's how we have configured anyway, i.e.
* ARS service account = domain admin account
* ARS Standalone host(s) with "registry security removed" (as in my previous post)
Cancel
Up 0 Down

Cancel

Reply

0 ssathue over 8 years ago

Perhaps I'm confused prior to my morning coffee...

Is not the ARS admin service account a Domain Admin and, therefore, would have permission to the entire domain regardless of where the ARS service were installed? Further, unless you go out of your way to complicate things, Domain Admins would already be a member of the ARS server's "Administrators" group.

That's how we have configured anyway, i.e.
* ARS service account = domain admin account
* ARS Standalone host(s) with "registry security removed" (as in my previous post)
Cancel
Up 0 Down

Cancel

Children

No Data