Creating a service account with restricted permissions


A best practice for your DATASTOR software installation and configuration is to run tasks with a service account. In a domain environment, a group policy can be created to configure the service account as a member of the local Administrators group of each computer in the domain without making the account a member of the Domain Admins security group.

If the user configured the software with the administrator account, and the password subsequently changed, the DATASTOR tasks would not run until the tasks were updated with the new password. Since administrators tend to log on to remote desktop sessions with the administrator account, you can avoid an issue with plans ending unexpectedly.  This may happen when a plan starts while an administrator is logged on remotely, and then the administrator logs off the session.

We now have 8 easy steps to create a service account with restricted permissions so the account does not have domain admin level permissions.

The service account can be used to log onto the server hosting the main administrative tool, Archive Manager and communicate with remote computers, create protection plans, modify schedules, view the event logs of the remote computer, or start or end the plan.