Account roles

PATROL for Exchange Servers uses account roles to perform system management tasks. The following account roles are required:

Agent Account

The Agent Account is used to execute system commands that require Administrator-level privileges.
Verify that this account meets the following requirements:

  • Member of the local Administrators group
  • Act as part of the operating system user right
  • Replace a process level token user right
  • Increase quotas or Adjust memory quotas for a process user right

Operating System Account

  • Domain account in the administrator group on the monitored Exchange server machine

Exchange User Account

The Exchange User Account is used to access the Exchange Server, directory, user mailboxes, and messaging subsystems. You can create or specify this account during configuration.
Verify that this account meets the following requirements:

  • Member of the local Administrators group on the PATROL Agent machine
  • Exchange view-only organization managment

  • Domain user account

  • The Exchange User Account used to run certain recovery actions must be granted the Exchange Administrator role. If the account is granted only the Exchange View Only Administrator role, the recovery actions cannot run.

The Exchange View Only Administrator role in Exchange server 2007 is called View Only Organization Managment in 2010 and 2013.

Console Connection Account

The console connection account is the user ID that you enter when adding new hosts to your PATROL console. If your account does not have Exchange administrator privileges, the program prompts you for an account that has them. You can modify the console connection account any time while using the product. On the console, open the Customize Properties window and click the Security folder tab for access to the connection account.

Verify that this account meets the following requirements

  • Administer information store privilege
  • Act as part of the operating system user right
  • Create process-level token user right

The Exchange Server 2010 and 2013 have the following additional features:

  • When a user is defined on cluster environment or on active directory the account roles must be defined on each local server where the agent is installed.
  • If you create an Exchange account in the DAG environment, you must add the Organization management role for this user.

Improved Configuration Account Management

PATROL for Exchange Servers uses the following account roles to perform monitoring and management tasks: PATROL agent default account, Exchange user account, and Exchange mailbox. An Exchange 2007, 2010 and 2013 clustered environment supports multiple mailbox role assignments. The account role interface enables you to easily define, manage, and verify account role assignments and account passwords. Features include:

  • Configuring account role assignments with an option to create new accounts
  • Assigning required user privileges and logon rights, and delegating Exchange permissions
  • Changing OS passwords or saved passwords for the system
  • Verifying that account role assignments meet the minimum security requirements for management tasks
  • Re-initializing the PATROL Agent after applying a change to the system account

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*