NOTE: All ports need to be open (incoming/outgoing) with the exception of the Workstation Logon agent which only needs to be outgoing on the workstation's firewall and incoming on the Active Administrator® Server. Figure 1 displays an example of how communication is achieved through the specified ports. |
• |
• |
• |
• |
• |
To install Active Administrator®, a user must hold administrative rights on the local system and the SQL instance that will host the Active Administrator database. |
Active Administrator® can restore passwords when you restore accounts that were deleted. To enable password recovery, a minor modification is made to the Schema. To be able to modify the Schema, you must use an account that is a member of the Schema Admins group.
The Domain Administrator account provides the necessary permissions for the various Active Administrator® services to operate properly.
When choosing an account, keep these requirements in mind:
• |
2 |
Use Group Policy Management console (GPMC) to edit the Default Domain Controller Group Policy Object. Give the user account User Rights to Manage auditing and security log. |
3 |
On the target domain controllers, give the user account Read permission to the registry key: HKLM\System\CurrentControlSet\Services\Eventlog\Security. |
4 |
NOTE: For more detailed instructions, see https://support.quest.com/active-administrator/kb/209446/how-to-configure-a-non-domain-admin-audit-agent-service-account. |
For all Active Administrator® modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. This section details the permissions required for operation of each module and submodule.
• |
• |
© 2023 Quest Software Inc. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy