To maintain an appropriate security levels in your Windows Server structure, we recommend you use the three migRaven Servicesthat need to be executed in the context of a service account.
Use migRaven.24/7 solely for the analysis of your data, it is sufficient that the service accounts are authorized to read on the corresponding resources.
Do you want to go with me? migRaven.24/7 If you make changes to the file system and/or Active Directory, the service accounts require correspondingly higher permissions on the resources to be changed.
These service accounts are used both during a new installation and an update of the migRaven.queried 24/7. If it is necessary to change a service account, this must be done via the setup as part of an update.
Please never change these service accounts in the Windows services! In these cases, please contact our support.
When creating service accounts, keep in mind that user login names cannot exceed 20 characters in length.
For the function / services, the rights should be divided accordingly:
- Windows AD user with local administrator rights to run the Admin Client on the migRaven Server & Hosting.
- migRavenDBServiceHost Service account: domain account with local Administrator rights.
To read from and write to the database.
For example: sa_migDB, depending on your naming convention. - migRavenADScanServiceHost Service account: domain account with local Administrator rights. * Possibly extended rights!
AD service account with reading rights to the Active Directory if you migRaven.24/7 analyzer with migRaven.24/7 data retention use, which means no changes are made in AD.
* AD service account with writing rights. If you grant permissions via the migRaven.24/7 Access Manager managed, this account needs at least write permissions in the OU in which the permission groups are created, and it needs write permissions on the accounts that are to become members of these groups.
For example: sa_migAD, depending on your naming convention. - migRavenResource Scan Service Host Service account: domain account with local Administrator rights. ** Possibly extended rights!
For easy analysis of file server resources with the migRaven.24/7 analyzer suffice reading rights on the shares and in the NTFS permissions of the resources to be scanned.
** service account with full access permissions on the shares to be scanned and their NTFS permissions. The service uses Data Retention to create symlinks, set permissions and move data.
For example: sa_migRS, depending on your naming convention.
The Resource Scan Service is included as part of the configuration after installation set up.