Permissions and Accounts used in DLO

Permissions and Accounts used in DLO

Article: 100048298
Last Published: 2021-10-04
Ratings: 0 0
Product(s): Desktop Laptop Option

DLO Permission and Account summary

Below is a summary of the required Accounts and Permissions needed for the Desktop and Laptop (DLO) Application and Storage to work correctly;

 

Accounts:

DLO should be installed and Services run, using an Account that has Domain or Local Administration rights on the DLO Administration server, Storage Server and SQL Server.

This account must have rights to create network shares and manage permissions of network shares\directories on any remote server used for DLO and Dedupe Storage Locations. It also requires Read\Write access to the registry.

Dedupe Storage must be Accessed \ Managed using an Domain User account that is NOT an Administrator and is NOT the DLO Admin account; users will Impersonate this Dedupe User when accessing the Dedupe Storage.

 

Services:

To change Service accounts, use 'Tools - Manage Service Credentials' in the DLO Admin Console

  • Mindtree StoreSmart Dedupe Server;  run using the DLO Admin account
  • SQL Server (DLO);  run using DLO Admin account (if using default SQL Express install) - This account should be a sysadmin of the SQL Instance.
  • SQL Server Browser;  run using Local System
  • Veritas DLO Administration Service;  run using the DLO Admin account
  • Veritas DLO Edge Server;  run using Local System
  • Veritas DLO Maintenance Service;  run using  Local System
  • Veritas DLO Web Server;  run using  DLO Admin account

 

DLO Storage:

These are configured by DLO when the storage is setup, so should not need to be changed

DLO (NUDF) Storage Share Permissions;

  • Everyone; Full
  • Local Server Administrator; Full
  • DLO Service Account; Full

DLO (NUDF) Storage Security Permissions (not inherited);

  • Everyone; Read & Execute
  • Local Server Administrator; Full Control
  • DLO Service Account; Full Control

DLO (NUDF) User directory Security Permissions (not inherited - 1 folder per User, restricted to Administrators & named User only )

  • <Domain User> Account; Full
  • Local Server Administrator; Full
  • DLO Service Account; Full

 

Dedupe (DSL) Storage Share Permissions;

  • <Dedupe> User account; Full    (should be a Domain User, but NOT Domain Administrator)
  • Local Server Administrator; Full
  • DLO Service Account; Full

Dedupe (DSL) Storage Security Permissions (not inherited);

  • <Dedupe> User account; Full    (should be a Domain User, but NOT Domain Administrator)
  • Local Server Administrator; Full
  • DLO Service Account; Full

Dedupe (DSL) User directory Security Permissions (inherited from above);

  • <Dedupe> User account - Full    (should be a Domain User, but NOT Domain Administrator)
  • Local Server Administrator - Full
  • DLO Service Account - Full

 

Review the DLO Administration Guide ('DLO Server Installation') for more detailed descriptions of the requirements.

Was this content helpful?