True Control Center Installation Guide
Account and group requirements
Direct link to topic in this publication:
Account and group requirements for the Cireson Control Center
This section details the account and group requirements for the Cireson Control Center.
In this article
Standard Active Directory User Account
To be able to install the Control Center, you need a standard Active Directory user account. This will be used:
- As the Application Pool identity
- To pull data from the ConfigMgr database
- To interact with the Control Center database
- To interact with the Microsoft Deployment Toolkit (MDT) database (if you are using MDT)
- To interact with the ReportServer database (if you are using SQL Reporting Services)
If you used a service account to install ConfigMgr, you will probably use the same account for the Control Center.
If you either did not use a service account or would like to use a separate account for the Control Center, you need to ensure the account is defined as a Full Administrator user in ConfigMgr. This ensures the account will be added to the site server’s local SMS Admins group to have access to the SMS Provider.
Regardless of whether you use the Platform Service Account or the Configuration Manager Account, the account used as the App Pool account has to be configured as a Full Administrator in ConfigMgr before the Control Center Installer is launched.
Also, if the Control Center will be configured with the rights to remove a computer object from Active Directory if it is deleted from within the Control Center, those permissions are required for the account used for the Control Center in Active Directory.
This section details the optional accounts you can create for use with the Control Center.
||When installing the Control Center, you have the option of specifying any of these accounts on the Platform Settings screen as detailed in the "Running the Control Center Installer" section.|
Platform Service Account
The Platform Service Account (also known as the Platform Account), is the account that is used to run the Control Service Platform Service. This account needs SQL rights to the Control Center database and server to be able to create the Control Center database (TrueCC by default) and access it. This account should also be made the DB owner of the Control Center database.
Configuration Manager Account
The Configuration Manager Account is the account that is used by the Control Center Platform to connect to ConfigMgr to read, write and cache data to/from the ConfigMgr site database. For example, to manipulate User Device Affinity (UDA) relationships, Collection management-related tasks, etc.
This account needs to be defined as a Full Administrator in ConfigMgr before installing the Control Center (the Control Center installer will not create this account in ConfigMgr and make it a Full Administrator).
When installing the Control Center, you have the option of specifying the Configuration Manager Account on the Platform Settings screen as detailed in the "Running the Control Center Installer" section.
On the Platform Settings screen, if you check the Use Platform Account checkbox beside the Configuration Manager Account field, you will need to ensure the Platform Service Account is configured as a Full Administrator in ConfigMgr before running the Control Center Installer.
If you have also checked the Use App Pool checkbox beside the Platform Service Account field, then no additional configuration is required from a ConfigMgr perspective, provided that the App Pool account has been configured as a Full Administrator in ConfigMgr before running the Control Center Installer.
Remote Manage Account
The Remote Manage Account is the account that is used to run Control Center Remote Manage actions on users and computers. This account needs to be a member of the local Administrators group on any computers on which you want to be able to perform the Remote Manage actions.
Although an optional account, we highly recommend you create and use this account.
AD Sync Account
The AD Sync Account is the account that is used by the Control Center to synchronize data from Active Directory. This account will require permissions to the relevant part of your Active Directory structure you wish to use with the Control Center.
||During the installation process, on the Platform Settings screen, you can control which location this account should retrieve data from as detailed in the "Running the Control Center Installer" section. |
Administrative access to the Control Center is controlled through group membership. Depending on your environment, you could create a local group on the server that will host the Control Center called Control Center Admins that will contain the user accounts of anyone requiring administrative access to the Control Center In this way, controlling who has administrative access to the Control Center is merely a case of managing the membership of the Control Center Admins group.
Both Local and Domain groups are supported by the Control Center.