SDK Account (necessary rights..)
We're going to deploy SCOM 2012. SQL Cluster will be used to allocate Operational and Datawarehouse databases.
We're creating/preparing the accounts, and we have some doubts:
1) What permission are necesssary to SDK Account? is it necessary a local administrator cluster account or only sql sysadmin rights?
2) What permission are necesssary to SCOM Setup Account? is it necessary a local administrator cluster account or only sql sysadmin rights?
May 15th, 2012 2:25am
1) SDK account:must have local administrative credentials
2) scom setup account:have local administrative credentials on DB server; account must be a member of the
sysadmin server role ; also have access to the master database
Please refer to the following technet document for detail
http://technet.microsoft.com/en-us/library/hh298609.aspx
Roger
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2012 3:39am
1) SDK account:must have local administrative credentials
2) scom setup account:have local administrative credentials on DB server; account must be a member of the
sysadmin server role ; also have access to the master database
Please refer to the following technet document for detail
http://technet.microsoft.com/en-us/library/hh298609.aspx
Roger
May 15th, 2012 3:39am
Hi,
You can also look at belog blog on OpsMgr security account rights mapping - what accounts need what privileges?
http://blogs.technet.com/b/kevinholman/archive/2008/04/15/opsmgr-security-account-rights-mapping-what-accounts-need-what-privileges.aspx
Thanks,
Varun
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2012 3:55am
Hi,
the SDK account must have local administrative rights and it should be either a Domain User or Local System and it needs sysadmin rights in SQL and to be more specific it requires the following rights in the OperationsManager
database:
(Db_datareader, Db_datawriter, Db_ddladmin ,Configsvc_user, Dwsynch_users , Sdk_Users, Public)
and in the OperationsManagerDW:
( Db_datareader , OpsMgrReader, Public)
and for the SCOM Action Account should be a domain account, which has local administrative rights and it requires the following rights in the OperationsManager database:
(Db_datareader, Db_datawriter, Db_ddladmin , Dwsynch_users , Sdk_Users, Public)
Oussama Oueslati | System Engineer | vNext Consulting
May 15th, 2012 5:13am
The SDK account does NOT EVER need "sysadmin rights".
The spreadsheet above calls out the "final rights" needed for each account.
If you are preparing accounts, the SDK account should simply be a domain user, no special rights in the domain. Then - on the RMS/MS, the SDK should be a local admin.
Then - the installation (run by a normal actual user account) will provide the rest of the necessary granular rights required to the OS or SQL roles.Kevin Holman http://blogs.technet.com/b/kevinholman
Free Windows Admin Tool Kit Click here and download it now
May 15th, 2012 12:24pm