On any Windows Server 2008 or later system, Senergy requires a certain set of Local Security Privileges to manage storage on the local server. These are granted to the Proxy Rights group, which is itself created during setup and configuration of Senergy; by default, this group is called SenergyProxyRights. The Agent and Event Monitor configuration wizards will attempt to grant the SenergyProxyRights group these privileges on their local server automatically, but when scanning a proxy target, it will typically be necessary to set these privileges manually.
Note that membership in the domain's built-in Administrators group, as well as membership in the local Administrators group for the server, is also required.
These privileges are:
- Access this computer from the network
- Act as part of the operating system
- Back up files and directories
- Bypass traverse checking
- Create a token object
- Create symbolic links
- Impersonate a client after authentication
- Log on as a batch job
- Manage auditing and security log
- Restore files and directories
- Synchronize directory service data (only required on servers running a Senergy Event Monitor)
- Take ownership of files or other objects
Group Policy Objects can be used to set these LSA privileges according to policy. If a GPO already exists that controls these LSA privileges for some or all of a domain, that GPO may prevent administrators from explicitly granting these privileges the SenergyProxyRights group. In this case, the GPO scheme will need to be adjusted appropriately.
Comments
0 comments
Please sign in to leave a comment.