How to Install Symantec Mail Security for Microsoft Exchange (SMSMSE) With an Account that is not an Active Directory (AD) Domain Administrator
Article ID: 152562
Updated On:
Products
Mail Security for Microsoft Exchange
Issue/Introduction
When installing SMSMSE the account used does not have Domain Administrator permissions. What steps are necessary to install SMSMSE correctly with this type of account?
Cause
The documented permissions required by the Windows account performing the SMSMSE installation is for the account to be a Domain Administrator.
Resolution
NOTE: These steps are supported but not certified at this time. Symantec will troubleshoot any issues resulting from using these steps. If the issue cannot be resolved Symantec may request use of a Domain Administrator account for installation.
1. Log in with a user account that has Domain Admin privileges on a machine with access to Active Directory.
2. Create a new user account called "SMSMSE install" (or some other new account name).
a. Open Active Directory users and computers.
b. Right click the Users container on the console tree and select New -> User.
c. In the Full name and User logon name boxes enter SMSMSE install and click Next.
d. Choose a password that meets your domain’s complexity requirements, uncheck User must change password at next logon and click Next.
e. Click Finish.
b. Right click the Users container on the console tree and select New -> User.
c. In the Full name and User logon name boxes enter SMSMSE install and click Next.
d. Choose a password that meets your domain’s complexity requirements, uncheck User must change password at next logon and click Next.
e. Click Finish.
3. Create two user groups named "SMSMSE Admins" and "SMSMSE Viewers" and add the 'SMSMSE Install' user account to the "SMSMSE Admins" groups.
Note:It is important that the name of the SMSMSE groups be in exactly this format, as there are checks hard coded to check for a group with this name.
a. In Active Directory Users and Computers right click the Users container and select New -> Group
b. For group name enter exactly “SMSMSE Admins” (without the quotes)
c. Leave the Group scope and Group types as defaults (Global and Security respectively) and click Ok
d. Repeat steps 1-3, substituting “SMSMSE Viewers” for “SMSMSE Admins”
e. Expand the “Users” container in the console tree.
f. Locate the user “SMSMSE install” right click and select Properties
g. Select the Member Of tab and click Add
h. In the ‘Enter object names to select’ box, type “SMSMSE Admins” and click Ok.
b. For group name enter exactly “SMSMSE Admins” (without the quotes)
c. Leave the Group scope and Group types as defaults (Global and Security respectively) and click Ok
d. Repeat steps 1-3, substituting “SMSMSE Viewers” for “SMSMSE Admins”
e. Expand the “Users” container in the console tree.
f. Locate the user “SMSMSE install” right click and select Properties
g. Select the Member Of tab and click Add
h. In the ‘Enter object names to select’ box, type “SMSMSE Admins” and click Ok.
4. Give the SMSMSE install account permissions to administer Exchange.
NOTE: Perform these steps by logging onto a computer where Exchange is installed with a Windows account possessing "Exchange Organization Admin rights".
Exchange 2003
a. Open the Exchange System manager by using Start -> All Programs -> Microsoft Exchange -> System manager.
b. Right click the Exchange organization name in the console tree (Default name ‘First Organization (Exchange)’) and click Delegate Control.
c. Click Next and on the ‘Users or Groups’ dialog click Add….
d. On the ‘Delegate Control’ screen click Browse….
e. Enter the name SMSMSE Install and click OK.
f. On the Role dropdown select Exchange Full Administrator and then click OK.
g. Click Next and then click Finish.
b. Right click the Exchange organization name in the console tree (Default name ‘First Organization (Exchange)’) and click Delegate Control.
c. Click Next and on the ‘Users or Groups’ dialog click Add….
d. On the ‘Delegate Control’ screen click Browse….
e. Enter the name SMSMSE Install and click OK.
f. On the Role dropdown select Exchange Full Administrator and then click OK.
g. Click Next and then click Finish.
For Exchange 2007
a. Open the Exchange management shell by using Start -> All Programs -> Microsoft Exchange Server 2007 -> Exchange Management Shell.
b. Enter the following command:
b. Enter the following command:
Add-ExchangeAdministrator -Identity "<domain>/Users/SMSMSE install" -Role ServerAdmin -Scope <exchangeservername>
Replace <domain> with the fully qualified domain name. Replace <exchangeservername> with the fully qualified domain name of the Exchange server on which SMSMSE will be installed. The following is an example:
Add-ExchangeAdministrator -Identity "test.symantec.com/Users/SMSMSE install" -Role ServerAdmin -Scope testserver.test.symantec.com
c. Repeat step 3b for substituting each server you wish to install upon until you’ve completed this step for each server.
For Exchange 2010 and Exchange 2013
a. Open Active Directory Users and Computers
b. Expand the “Users” container in the console tree.
c. Locate the user “SMSMSE install” right click and select Properties
d. Select the Member Of tab and click Add
e. In the ‘Enter object names to select’ box, type “Organization Management” and click Ok.
5. Make the "SMSMSE install" account a member of the Local Administrators group for any machines on which you would like to install SMSMSE.
a. Log on to the target Exchange server using an account with administrator rights.
b. Right click ‘My Computer’ and select Manage.
c. Expand Local Users and Groups.
d. Expand Groups.
e. Right click the ‘Administrators’ group and select Add to Group….
f. Click Add….
g. Enter ‘<your domain name>\SMSMSE install’ and click Ok.
h. Exit the Computer management console.
i. Repeat steps 1-8 for each server on which you would like to install SMSMSE.
b. Right click ‘My Computer’ and select Manage.
c. Expand Local Users and Groups.
d. Expand Groups.
e. Right click the ‘Administrators’ group and select Add to Group….
f. Click Add….
g. Enter ‘<your domain name>\SMSMSE install’ and click Ok.
h. Exit the Computer management console.
i. Repeat steps 1-8 for each server on which you would like to install SMSMSE.
6. The user account is now prepared to install SMSMSE successfully, simply log in to the target Exchange servers with those credentials and perform the installation.
Feedback
Yes
No
Powered by
