To maintain an appropriate security levels in your Windows Server structure, we recommend you use the three migRaven servicesthat need to be executed in the context of a service account.
Use migRaven.24/7 solely for the analysis of your data, it is sufficient that the service accounts are authorized to read on the corresponding resources.
Do you want to go with me? migRaven.24/7 If you make changes to the file system and/or Active Directory, the service accounts require correspondingly higher permissions on the resources to be changed.
These service accounts are used both during a new installation and an update of the migRaven.queried 24/7. If it is necessary to change a service account, this must be done via the setup as part of an update.
Please never change these service accounts in the Windows services! In these cases, please contact our support.
When creating service accounts, keep in mind that user login names cannot exceed 20 characters in length.
For the function / services, the rights should be divided accordingly:
- Windows AD user with local administrator rights to run the Admin Client or on the migRaven Server & Hosting.
- migRavenDBServiceHost Service account: domain account with local Administrator rights.
To read from and write to the database.
Example: Your naming convention followed by migRavenDBSH - migRavenADScanServiceHost Service account: domain account with local Admin rights.
AD service account with read rights to the Active Directory if you migRaven.24/7 analyzer with migRaven.24/7 data retention use, which means no changes are made in AD.
AD service account with write rights. If you have permissions via the migRaven.24/7 Access Manager managed, this account needs at least write permissions in the OU in which the permission groups are created, and it needs write permissions on the accounts that are to become members of these groups.
Example: Your naming convention followed by migRavenADSH - migRavenResource Scan Service Host Service account: domain account with local Admin rights.
For easy analysis of file server resources with the migRaven.24/7 analyzer sufficient read rights on the shares and in the NTFS permissions of the resources to be scanned.
Service account with full access permissions on the shares to be scanned and their NTFS permissions. The service uses data retention to create symlinks, set permissions and move data.
Example: Your naming convention followed by migRavenRSSH
The Resource Scan Service is included as part of the configuration after installation set up.