04-05-2012 01:56 AM
Hi,
I have extracted some information from "Veritas Storage Foundation™ and High Availability Solutions Installation and Upgrade Guide" regarding Veritas Storage Foundation High Availability for Windows (SFW HA) as shown below:
Permission requirements for SFW HA
The following permission requirements must be met:
■ You must be a domain user.
■ You must be a member of the Local Administrators group for all nodes where you are installing.
■ You must have write permissions for the Active Directory objects corresponding to all the nodes.
■ If you plan to create a new user account for the VCS Helper service, you must have Domain Administrator privileges or belong to the Account Operators group. If you plan to use an existing user account context for the VCS Helper service, you must know the password for the user account.
If I were to create a VCS Helper service account, what Windows privilege must I give to the VCS Helper account? Will Local Administrator privilege do? Or must I still give Account Operators privilege to it?
Anyone who has experience with it, please advise.
Thanks a lot.
04-05-2012 05:42 AM
Hi Ctyeo,
The account used for the HADHelper service account can be a normal Domain User account. Nothing special is needed. The permissions that you have listed are needed for the logged in user that is running the Cluster Configuration Wizard (VCW.) The elevated permissions are needed so that VCW can add the required system privileges as needed to the account selected for use as the HADHelper service account.
Here is the output of the "hadhelp /showconfig" that I ran on one of my test clusters. It shows the privileges that VCW adds to the user account that you select.
C:\Users\administrator.SAMGWIN>hadhelper /showconfig
Logon user = samgwin.local\Administrator.
Security ID = S-1-5-21-556456372-698725695-2786787038-500.
The user has following privileges:
* SeTcbPrivilege (Act as part of the operating system).
* SeBackupPrivilege (Back up files and directories).
* SeIncreaseQuotaPrivilege (Adjust memory quotas for a process).
* SeRestorePrivilege (Restore files and directories).
* SeServiceLogonRight (Log on as a service).
'*' denotes permissions required for HADHelper service.
The command completed successfully.
C:\Users\administrator.SAMGWIN>
Thank you,
Wally
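A defender-side check for the rights listed in the answer above, as an added example that is not part of the original thread or of the vendor's tooling: it parses the [Privilege Rights] section of a `secedit /export /areas USER_RIGHTS` file and reports, for each of the five rights, whether the helper account holds it and which other principals hold it too. The helper SID, the export content and the function names are constructed for illustration.

```powershell
# Rights that "hadhelper /showconfig" marks as required (taken from the thread).
$Required = 'SeTcbPrivilege', 'SeBackupPrivilege', 'SeIncreaseQuotaPrivilege',
            'SeRestorePrivilege', 'SeServiceLogonRight'

# Constructed sample of a secedit export; the SID below is made up.
# On a real node: secedit /export /cfg rights.inf /areas USER_RIGHTS ; $Inf = Get-Content rights.inf
$HelperSid = 'S-1-5-21-1111111111-2222222222-3333333333-1105'
$Inf = @'
[Privilege Rights]
SeTcbPrivilege = *S-1-5-21-1111111111-2222222222-3333333333-1105
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544
SeRestorePrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1105
SeServiceLogonRight = *S-1-5-80-0,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
'@ -split '\r?\n'

# Build a hashtable: right name -> array of principals (leading '*' of SID entries removed).
function Get-PrivilegeRights {
    param([string[]]$Lines)
    $rights = @{}; $inSection = $false
    foreach ($line in $Lines) {
        if ($line -match '^\s*\[(.+)\]\s*$') { $inSection = ($Matches[1] -eq 'Privilege Rights'); continue }
        if ($inSection -and $line -match '^\s*(\w+)\s*=\s*(.*)$') {
            $name, $value = $Matches[1], $Matches[2]
            $rights[$name] = @($value -split ',' | ForEach-Object { $_.Trim().TrimStart('*') } | Where-Object { $_ })
        }
    }
    $rights
}

# One row per required right: does the helper hold it, and who else does?
function Test-HelperRights {
    param([hashtable]$Rights, [string]$Sid, [string[]]$Required)
    foreach ($name in $Required) {
        $holders = @($Rights[$name])
        [pscustomobject]@{
            Right        = $name
            HelperHasIt  = $holders -contains $Sid
            OtherHolders = ($holders | Where-Object { $_ -and $_ -ne $Sid }) -join ', '
        }
    }
}

Test-HelperRights -Rights (Get-PrivilegeRights $Inf) -Sid $HelperSid -Required $Required |
    Format-Table -AutoSize -Wrap
```

With the constructed data, SeIncreaseQuotaPrivilege shows HelperHasIt as False, and SeTcbPrivilege shows no other holders, which is the state to look for given how sensitive "Act as part of the operating system" is.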
04-16-2012 06:31 AM
Hello
Permissions and rights that are required by the Veritas Cluster Server Helper, or HADHelper, service in Veritas Storage Foundation HA for Windows
http://www.symantec.com/business/support/index?page=content&id=TECH31331
Regards
Vaseem Meer Ali