Creating the Vault Service account

The Vault Service account is used by Enterprise Vault processes to access the Windows server operating system. The account is shared by all the Enterprise Vault computers in the Enterprise Vault directory. If you are managing multiple Enterprise Vault sites, you can use the same Vault Service account for more than one Enterprise Vault site.

The Vault Service account must be a domain-based Windows security account that belongs to the local Administrators group on each Enterprise Vault computer in the Enterprise Vault directory. The account password must not be blank. If you create more than one Enterprise Vault site in the same Enterprise Vault directory, you must use the same Vault Service account for all sites.

We recommend that you do not make this account a Domain Administrator. It is better to assign required permissions explicitly. This section describes the basic permissions that you need to set for this account. Different types of archiving require additional permissions for the Vault Service account. For details of these, see the section on the type of archiving that you are implementing.

If possible, create the account so that it is in the same domain as the Enterprise Vault computers. If it is necessary for the Vault Service account and the Enterprise Vault computers to be in different domains, create the account so that it is in a domain that is trusted by the Enterprise Vault computers' domain.

Ensure that the Microsoft Message Queue security has been set up to grant the Administrators group access to the Enterprise Vault queues.

At the time the Configuration Wizard runs, the Vault Service account must have access to administrative shares on the SQL Server computer. One way to ensure that access is granted is to make the Vault Service account a local administrator on the SQL Server computer. After the Configuration Wizard has been run, you can remove this access, if required. However, on SQL Server 2005 and later, the Vault Service account must continue to have at least View server state permission after configuration.

Unless you assign the SQL system administrator (sysadmin) role to the Vault Service account, you must perform some additional steps before you run the Enterprise Vault Configuration Wizard for the first time.

During configuration, you are asked to provide the name and password of the Vault Service account. Enterprise Vault automatically grants the account the following advanced user rights:

Note that you may need to wait for Active Directory replication to complete. The account cannot be used until the replication is complete.

We recommend that you are logged in to the Vault Service account when you install Enterprise Vault. You must be logged in to the Vault Service account when you run the Enterprise Vault Configuration Wizard.

To create the Vault Service account

  1. On the domain controller, click Start > All Programs > Administrative Tools > Active Directory Users and Computers.

  2. In the left-hand pane of Active Directory Users and Computers, double-click the Domain container.

  3. Double-click the Users container.

  4. On the Action menu, click New and then User. The New Object - User screen is displayed.

  5. Complete the New Object - User screen and click Next. The next screen asks for password details.

  6. Enter a password and confirm it. You must set a password; the Vault Service account password cannot be blank.

  7. Select the Password never expires check box.

  8. Leave the remaining check boxes clear:

    • User must change password at logon

    • User cannot change password

    • Account is disabled

  9. If you are using Exchange Server 2003, click Next to move to the mailbox server screen and then clear Create an Exchange mailbox.

  10. Click Next to move to the summary screen.

  11. Click Finish to create the new user.

To add the new Vault Service account to the local Administrators group

  1. Log on to the Enterprise Vault computer as Administrator.

  2. In Control Panel, open Administrative Tools and start the Computer Management console.

  3. Expand System Tools and then Local Users and Groups.

  4. Select Groups, and then double-click the Administrators group in the right-hand pane.

  5. Use Add to add the Vault Service account to this group.

  6. Click OK.

  7. Repeat these steps on each computer that will have Enterprise Vault installed.
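
After both procedures are complete, the account settings can be checked from PowerShell. The following script is an added example, not part of the Enterprise Vault documentation or product. It assumes a hypothetical account name (svc-evault) and hypothetical server names, an account in the current user's domain, the RSAT ActiveDirectory module, and PowerShell remoting enabled on the Enterprise Vault computers.

```powershell
# Added example: audit a Vault Service account against the requirements on this page.
Import-Module ActiveDirectory

$AccountName = 'svc-evault'                 # hypothetical sAMAccountName
$EvServers   = 'EVSERVER01', 'EVSERVER02'   # hypothetical Enterprise Vault computers

$user = Get-ADUser -Identity $AccountName -Properties `
    PasswordNeverExpires, CannotChangePassword, PasswordNotRequired, pwdLastSet

# Domain Admins always has RID 512 in its domain, so look it up by SID
# rather than by a name that may be localized or renamed.
# Assumption: the account lives in the domain of the user running this script.
$domainAdminsSid = "$((Get-ADDomain).DomainSID)-512"
$domainAdminSids = (Get-ADGroupMember -Identity $domainAdminsSid -Recursive).SID.Value
$isDomainAdmin   = $domainAdminSids -contains $user.SID.Value

$checks = [ordered]@{
    'Account is enabled'                          = $user.Enabled
    'Password never expires is selected'          = $user.PasswordNeverExpires
    'User cannot change password is clear'        = -not $user.CannotChangePassword
    # pwdLastSet = 0 is how AD stores "User must change password at logon".
    'User must change password at logon is clear' = $user.pwdLastSet -ne 0
    # PASSWD_NOTREQD would allow a blank password; this flag is the closest
    # directory-side check for the "must not be blank" requirement.
    'Blank password is not permitted'             = -not $user.PasswordNotRequired
    'Not a Domain Administrator (recommended)'    = -not $isDomainAdmin
}

foreach ($server in $EvServers) {
    # S-1-5-32-544 is the built-in Administrators group under any display name.
    # Only direct membership is checked, which is what the procedure above sets up.
    $memberSids = Invoke-Command -ComputerName $server -ScriptBlock {
        (Get-LocalGroupMember -SID 'S-1-5-32-544').SID.Value
    }
    $checks["Local administrator on $server"] = $memberSids -contains $user.SID.Value
}

# One row per requirement; any False row needs attention before configuration.
$checks.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Requirement = $_.Key; Pass = [bool]$_.Value }
} | Format-Table -AutoSize
```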

More Information

Assigning permissions and roles in SQL databases