OpsMgr 2007: Security privileges required for setup

Happy New Year!

I hope everyone enjoyed the holidays - I know I did.  I've been out of the office for a few days so that's why the blog has gotten pretty stale but now that I'm back I'll kick it off with a quick Q&A on something that seems to be commonly asked around here lately.

Question: What security rights are required for the install and operation of the System Center Operations Manager 2007 environment and why?

Answer: To be as concise as possible, the account doing the OpsMgr 2007 install requires local administrator privileges on the RMS server and on the remote SQL server for the instance of SQL where the Operations Manager database is going to be hosted. This is required so that setup can configure the necessary privileges for the SDK and Config service account and assign them the proper roles and rights on the Operations Manager database.   This is necessary because the SDK and the Config services must read and write to the Operations Manager database during normal operation.

During day to day operation, the account used for the SDK and Config Service account must have local administrative rights on the Root Management Server computer. The account should be either a Domain User or Local System. The use of Local User account is not supported and we recommended you use a different account from the one used for the Management Server Action Account.  For the other accounts such as the Action, Data Reader and Data Writer accounts, they can be of a lower privilege, just be sure to remember that the action account runs rules, monitors and scripts so it needs to have enough privileges to run them. 

I hope this clears this up a least a little bit, and if you have any suggestions for future topics just send them my way.

J.C. Hornbeck | Manageability Knowledge Engineer