DLO Permission and Account summary
Below is a summary of the required Accounts and Permissions needed for the Desktop and Laptop (DLO) Application and Storage to work correctly;
Accounts:
DLO should be installed and Services run, using an Account that has Domain or Local Administration rights on the DLO Administration server, Storage Server and SQL Server.
This account must have rights to create network shares and manage permissions of network shares\directories on any remote server used for DLO and Dedupe Storage Locations. It also requires Read\Write access to the registry.
Dedupe Storage must be Accessed \ Managed using an Domain User account that is NOT an Administrator and is NOT the DLO Admin account; users will Impersonate this Dedupe User when accessing the Dedupe Storage.
Services:
To change Service accounts, use 'Tools - Manage Service Credentials' in the DLO Admin Console
- Mindtree StoreSmart Dedupe Server; run using the DLO Admin account
- SQL Server (DLO); run using DLO Admin account (if using default SQL Express install) - This account should be a sysadmin of the SQL Instance.
- SQL Server Browser; run using Local System
- Veritas DLO Administration Service; run using the DLO Admin account
- Veritas DLO Edge Server; run using Local System
- Veritas DLO Maintenance Service; run using Local System
- Veritas DLO Web Server; run using DLO Admin account
DLO Storage:
These are configured by DLO when the storage is setup, so should not need to be changed
DLO (NUDF) Storage Share Permissions;
- Everyone; Full
- Local Server Administrator; Full
- DLO Service Account; Full
DLO (NUDF) Storage Security Permissions (not inherited);
- Everyone; Read & Execute
- Local Server Administrator; Full Control
- DLO Service Account; Full Control
DLO (NUDF) User directory Security Permissions (not inherited - 1 folder per User, restricted to Administrators & named User only )
- <Domain User> Account; Full
- Local Server Administrator; Full
- DLO Service Account; Full
Dedupe (DSL) Storage Share Permissions;
- <Dedupe> User account; Full (should be a Domain User, but NOT Domain Administrator)
- Local Server Administrator; Full
- DLO Service Account; Full
Dedupe (DSL) Storage Security Permissions (not inherited);
- <Dedupe> User account; Full (should be a Domain User, but NOT Domain Administrator)
- Local Server Administrator; Full
- DLO Service Account; Full
Dedupe (DSL) User directory Security Permissions (inherited from above);
- <Dedupe> User account - Full (should be a Domain User, but NOT Domain Administrator)
- Local Server Administrator - Full
- DLO Service Account - Full
Review the DLO Administration Guide ('DLO Server Installation') for more detailed descriptions of the requirements.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.