SIM Credential – This is the user used to run the Symantec Installation Manager (SIM). This user must be a member of the Administrators group. Either a local or domain administrator will work.
App Identity Credential – This is the user context the console and several other ITMS process run under by default. It is highly recommended that a service account be created for the App Identity credential. The App Identity credential as well as the Classic .NET and DefaultAppPool need to have the “Log On As” A Service right.
Agent Connectivity Credential – This credential is used to download packages over UNC. By default is the same as the App Identity. However this can be setup as a separate credential.
Package Access Credential – This credential is used by the Notification Server to access packages that are not on the local file system. By default is the same as the App Identity. However this can be setup as a separate credential.
Database Access Credential – This credential is used to access and modify the database and requires db_owner rights to the Symantec_CMDB.
There are two good ways to approach preparing for database setup.
1. Create an empty NS database before running SIM. (More secure)
a. The SQL administrator creates an empty NS database and then adds the Database Access Credential to the db_owner role.
b. This allows the SQL administrator to limit the abilities of the Database Access Credential to just the NS database.
2. The SQL administrator adds the Database Access Credential to the dbcreator role on the SQL server.
a. This allows the administrator installing SIM to provide the database name at install time.
Sometimes, you are required to assign the Symantec Administrator role to the Local Administrator user on the computer where you installed the IT Management Suite (ITMS) solutions. This step is required for performing additional tasks in your ITMS environment, such as, upgrading to the latest version of ITMS. You use the Symantec Management Console to grant the Symantec Administrator role to a local administrator user account on the computer where the ITMS solutions are installed.
To grant the
Symantec Administrator role to a local administrator user account:
1.Log on to the computer where you installed the IT Management Suite solutions as an administrator.
Start > Control Panel > User Accounts > User Accounts > Manage User Accounts.
Alternatively, click Start, in the Search field, type
netplwiz to open the
User Accounts dialog box.
3.Ensure that the user account that you used to log on to the computer belongs to the
Note: If the user account does not belong to the Administrators group, in the
User Accounts dialog box, select your user account and then click
Properties. Click the
Group Membership tab and then select
Administrators group. Click
Apply and then
OK to save the changes. You might be prompted to log off and log on again for the changes to take effect.
4.Launch the Symantec Management Console.
Settings > Security > Account Management. The
Accounts page is displayed that lists the list of ITMS user accounts.
6.Select the local administrator account from the list of ITMS user accounts.
Note: If the local administrator user account is not displayed in the list, you are required to add the user account to the ITMS user account. To create a new account for the local administrator, click
Add. In the
New Account dialog box that appears, type the new ITMS account name, and then click
OK. In the right pane, click the
General tab and then specify the general account details. These include the full name and email address of the user for whom the account is created, the account status, and the account credentials.
7.In the right pane, click the
Member of tab. A list of security roles to which the account belongs is displayed.
Select Roles page, browse and select the
Symantec Administrators role.
For more information on assigning an ITMS administrator role to a user account, see the following video on the Symantec Connect site: