What permissions does the SPA Service Account need to have?
Does the SPA Service Account need to be a Domain Admin?
What are the permissions requirements for the SPA Service Account?
What are the SPA Service Account permissions requirements?
Directory and Resource Administrator 7.x
Directory and Resource Administrator 8.x
Secure Password Administrator 1.0
Secure Password Administrator (SPA) installs a service to ensure the availability of the Self-Service and Admin sites. Consider the following guidelines when designating the account you want SPA to use:
- Ensure the SPA service account has administrator permission on the local computer.
- If you install Directory and Resource Administrator (DRA) and SPA on the same computer, the NetIQ Secure Password Administrator service account must have the "Act as part of the operating system" permission. The setup program grants this permission during installation.
- Using the credentials of a member of the Secure Password Administrator AA group allows you to avoid specifying a SPA Override account. For more information, see "Using a SPA Override Account" in the User Guide.
- If a trust does not exist between the domain in which you install the Secure Password Administrator Web server and the domain of your DRA Administration server, ensure you specify a member of the SPA Users AA group as a SPA Override account. For more information, see "Using a SPA Override Account" in the User Guide.
- If you do not exclude the NetIQ Secure Password Administrator service account from company password expiration policies, ensure you regularly update the password. An invalid password prevents the service from starting. When the NetIQ Secure Password Administrator service is stopped, the Self-Service and Admin sites are unavailable.
You can find and modify the NetIQ Secure Password Administrator service using the Services Administrative Tool. The service is named NetIQ Secure Password Administrator.
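The following PowerShell check is an added example, not part of the original article or NetIQ's own tooling. It reports the service state, how many days remain before the service account's password expires, and whether the account is a direct member of the local Administrators group. It assumes the service logs on with a domain account from the computer's own domain and that the ActiveDirectory (RSAT) module is installed; `$WarnDays` is a hypothetical threshold.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not vendor code. Assumptions: the service logs on with a domain
# account from this computer's domain, and the RSAT ActiveDirectory module is present.
$WarnDays    = 14                                      # hypothetical warning threshold
$DisplayName = 'NetIQ Secure Password Administrator'   # service name as given on this page

$svc = Get-CimInstance -ClassName Win32_Service -Filter "DisplayName='$DisplayName'"
if (-not $svc) { throw "Service '$DisplayName' not found on this computer." }

# StartName holds the logon account, e.g. DOMAIN\user or user@domain.
$logon = $svc.StartName
if ($logon -match '^(LocalSystem$|NT AUTHORITY\\|NT SERVICE\\|\.\\)') {
    throw "Service runs as '$logon', which is not a domain account."
}
$props = 'PasswordNeverExpires', 'msDS-UserPasswordExpiryTimeComputed'
$user = if ($logon -like '*@*') {
    Get-ADUser -Filter "UserPrincipalName -eq '$logon'" -Properties $props
} else {
    Get-ADUser -Identity ($logon -split '\\')[-1] -Properties $props
}
if (-not $user) { throw "Account '$logon' not found in Active Directory." }

# Int64.MaxValue means the password never expires; 0 means it must change at next logon.
$raw      = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
$exempt   = $user.PasswordNeverExpires -or $raw -eq [int64]::MaxValue
$expires  = if ($exempt) { $null } else { [datetime]::FromFileTime($raw) }
$daysLeft = if ($exempt) { $null } else { [math]::Floor(($expires - (Get-Date)).TotalDays) }

# Direct members of BUILTIN\Administrators (well-known SID); nested groups are not expanded.
$admins  = Get-LocalGroupMember -SID 'S-1-5-32-544'
$isAdmin = $admins.SID.Value -contains $user.SID.Value

[pscustomobject]@{
    Service          = $svc.DisplayName
    State            = $svc.State
    LogonAccount     = $logon
    PasswordExpires  = if ($exempt) { 'never (exempt from expiration)' } else { $expires }
    DaysLeft         = $daysLeft
    DirectLocalAdmin = $isAdmin
    # Flag a stopped service or a password that expires within the warning window.
    NeedsAttention   = ($svc.State -ne 'Running') -or (-not $exempt -and $daysLeft -lt $WarnDays)
}
```

A `DirectLocalAdmin` value of `False` does not by itself mean the account lacks administrator permission, because membership granted through a nested domain group is not resolved here.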