NOTE: All ports need to be open (incoming/outgoing) with the exception of the Workstation Logon agent which only needs to be outgoing on the workstation's firewall and incoming on the Active Administrator Server. Figure 1 displays an example of how communication is achieved through the specified ports. |
• |
• |
• |
• |
IMPORTANT: It is recommended that you only use the Web Console internal to the network. If you want to use the Web Console externally, use HyperText Transfer Protocol Secure (HTTPS) by enabling Secure Sockets Layer (SSL). You need to select a certificate, which must be installed in the Personal or My store on the local computer. The default port is 9443. See the Web Console User Guide for more instructions on configuring the Web Server. |
When choosing an account, keep these requirements in mind:
• |
Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. For more detailed permission requirements, see Active Administrator module requirements. |
• |
Active Administrator Data Services (ADS) requires an account that is a member of the AA_Users group, has read access to the enterprise, and has full access on the server where the Active Directory Health Analyzer agent is installed. For more detailed permission requirements, see Active Administrator Data Services (ADS) requirements. |
2 |
Use Group Policy Management console (GPMC) to edit the Default Domain Controller Group Policy Object. Give the user account User Rights to Manage auditing and security log. |
3 |
On the target domain controllers, give the user account Read permission to the registry key: HKLM\System\CurrentControlSet\Services\Eventlog\Security. |
4 |
NOTE: For more detailed instructions, see https://support.quest.com/active-administrator/kb/209446/how-to-configure-a-non-domain-admin-audit-agent-service-account. |
For all Active Administrator® modules to operate properly, the Active Administrator Foundation service (AFS) requires an account that is a member of the Domain Admins group. However, you may want to customize access to each module for console users or the AFS account. See the Quest® Active Administrator® 8.7 Install Guide for the specific permissions required for operation of each module and submodule.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center