The Permissions required by the MWService Active Directory Account
Besides the MWService Active Directory Account needs the following permissions:
Required groups | |
|---|---|
Permission | Reason |
Domain Admin | Required to create, configure, and manage user accounts and group memberships in Active Directory. |
Enterprise Admin | Required to perform all necessary administrative tasks across the entire Active Directory forest. This is essential for organizations with multiple domains, allowing MW to automate deployment, manage policies, and interact with all computers—no matter which domain they belong to. Without this, some cross-domain features and automation may not work. |
Local Admin | Required for installing the software, modifying system settings for installation, and ensuring the software can operate without manual intervention. This access is needed to: install and manage Windows services for MW, update, and write to protected registry keys and folders. |
Event Log Readers | Allows the user to read event logs to diagnose and fix issues affecting the environment effectively. |
Other permissions - Optional, but recommended | |
|---|---|
Permission | Reason |
SeServiceLogonRight | Allows the user to log on as a service. |
SeInteractiveLogonRight | Allows the user to log on locally. |
SeRemoteInteractiveLogonRight | Allows the user to log on through remote desktop services. |
Contact Us
Barracuda Campus
Barracuda Support