cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Running FSA as a different account

Go to solution
dabur
Level 2

‎09-15-2008 07:32 AM

Hi,

 

I was wondering, is it possible to configure the FSA it's three services with a different account than the Enterprise Vault service account (Service & Administrator)?

 

Why?

  • The Security and Audit department do not like the usage of an account of which the password is known by the whole ev-team, and thus not knowing who is using that user to access confidential data on the file-servers. (separation of duty + accountability).
  • If now our evault service user is locked out or tampered with, all FSA agents are impacted as well.

 

Greetings,

 

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
TonySterling
Moderator
Moderator
Partner    VIP    Accredited Certified

‎09-15-2008 11:08 AM

Are you talking about the following?

 

  • Enterprise Vault File Placeholder Service
  • Enterprise Vault File Blocking Service
  • Enterprise Vault File Collector Service (used by FSA Reporting) 

    •  

     

    You can also look at using Roles Based Administration, that way you can keep the Admin password limited to few employees and everyone else can use their windows log in to admin EV. 

    View solution in original post

    0 Kudos
    4 REPLIES 4

    Go to solution
    TonySterling
    Moderator
    Moderator
    Partner    VIP    Accredited Certified

    ‎09-15-2008 11:08 AM

    Are you talking about the following?

     

  • Enterprise Vault File Placeholder Service
  • Enterprise Vault File Blocking Service
  • Enterprise Vault File Collector Service (used by FSA Reporting) 

    •  

     

    You can also look at using Roles Based Administration, that way you can keep the Admin password limited to few employees and everyone else can use their windows log in to admin EV. 

    0 Kudos

    Go to solution
    Amit_Gupta
    Level 5
    Employee Accredited Certified

    ‎09-15-2008 10:00 PM

    Yes you can. All you have to do is to assign appropriate roles and operations using Roles Based Administration to the account.
    0 Kudos

    Go to solution
    dabur
    Level 2

    ‎09-16-2008 03:56 AM

    > Enterprise Vault File Placeholder Service

    > Enterprise Vault File Blocking Service

    > Enterprise Vault File Collector Service (used by FSA Reporting) 

     

    Yes, that's correct.

    0 Kudos

    Go to solution
    dabur
    Level 2

    ‎09-16-2008 04:12 AM

    Thanks for the reply.

     

    It's very confusing, because the FSA installation via the enterprise vault mmc only works with the enterprise vault administrator service account. Maybe for the next version to make this choice available (install with other credentials).

     

    So, let's say I want the FSA services to run with "mydomain\server08_fsa_serviceuser". On the evault server, the enterprise vault administrator account is "mydomain\evault_site1_serviceuser".

     

    Is it correct that:

    on my fileserver, "server08", the "mydomain\evault_site1_serviceuser" has to be local administrator (for being able to talk & configure the FSA)?

    on my evserver, the fsa account "mydomain\server08_fsa_serviceuser" has to have the role "File Server Administrator" but also be a member of the "Distributed COM Users" (we had issues with this W2K3 SP1 "update", there's a lot of topic on this forum about that as well) For being able to talk from the FSA to the EVault server?

    0 Kudos