Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Interactive Service Account Requirements for Dell Security Management Server

Summary: Interactive service account requirements must be met for Dell Security Management Server.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content


Instructions

Dell Security Management Server and Dell Security Management Server Virtual require an interactive service account to authenticate users. It is also used to connect to Active Directory, connect to SQL, and write to Windows folders.

Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual

Interactive service accounts are required for Dell Security Management Server. Dell Security Management Server or Dell Security Management Server Virtual performs Active Directory authentication by using an interactive service account. Dell Security Management Server instances may require a separate interactive service account if Windows-based authentication is performed to a Microsoft SQL server for database access. For more information, select the requirements for Active Directory Interactive Service Accounts or for Microsoft SQL Interactive Service Accounts.

Requirements for Active Directory Interactive Service Accounts

The account that is being defined per-domain within the Dell Security Management Server or Dell Security Management Server Virtual must comply to the following:

  • The defined Active Directory account must have read access to any organizational units in which users exist.
    • This includes the entire tree to that organizational unit.
  • The defined Active Directory account must be able to log in to the Dell Security Management Server or Dell Security Management Server Virtual as a service.

How the action is performed:

Dell Security Management Server and Dell Security Management Server Virtual leverage a defined Active Directory account. This is used to log in as the user provided by an endpoint running Dell Encryption. This validates the Active Director credentials that the user has logged into the endpoint with.

An interactive login is performed by the configured Active Directory account in the domain settings on the Dell Security Management Server. This login presents the user to validate to Active Directory, along with a password token for validation.

These functions take place within the Dell Security Server Service in v9.1.5 and later. In v9.1.0 and earlier, the Dell Compatibility Server processed these requests.

Note: For more information about configuring Active Directory access within a Dell Security Management Server or Dell Security Management Server Virtual, reference How to Configure the Dell Data Security / Dell Data Protection Server Administration Console.

Requirements for Microsoft SQL Interactive Service Accounts

The Dell Security Management Server leverages a Microsoft SQL server for data storage, which can be configured to authenticate with a Windows-based account. If a Windows-based account is leveraged, a few items are required:

  • The service account must have the login as a service right on the Dell Security Management Server.
  • The service account must have SQL privileges matching the intended use cases:
Action Scenario SQL Privilege Required
Upgrade Upgrades already have database and user established db_owner
Restore Install Restore an existing database and login db_owner
New Install Using an existing database db_owner
New Install Creating a database dbcreator, db_owner
New Install Using an existing login db_owner
New Install Creating a login securityadmin
Normal Operation Permissions needed for normal operation db_owner

These folders are written to by Dell Security Management Server services using the SQL service account:

D:\Program Files\Dell\Enterprise Edition\ACL Service\
D:\Program Files\Dell\Enterprise Edition\Compatibility server\
D:\Program Files\Dell\Enterprise Edition\Compliance Reporter
D:\Program Files\Dell\Enterprise Edition\Core Server
D:\Program Files\Dell\Enterprise Edition\Message Broker\
D:\Program Files\Dell\Enterprise Edition\Key Server
D:\Program Files\Dell\Enterprise Edition\Security Server\
Note:

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Article Properties


Affected Product

Dell Encryption

Last Published Date

26 Oct 2023

Version

4

Article Type

How To