Resolution
goal
What permissions does the SPA Service Account need to have?
goal
Does the SPA Service Account need to be a Domain Admin?
goal
What are the permissions requirements for the SPA Service Account?
goal
What are the SPA Service Account permissions requirements?
fact
Directory and Resource Administrator 7.x
Directory and Resource Administrator 8.x
fact
Secure Password Administrator 1.0
fix
What permissions does the SPA Service Account need to have?
goal
Does the SPA Service Account need to be a Domain Admin?
goal
What are the permissions requirements for the SPA Service Account?
goal
What are the SPA Service Account permissions requirements?
fact
Directory and Resource Administrator 7.x
Directory and Resource Administrator 8.x
fact
Secure Password Administrator 1.0
fix
Secure Password Administrator (SPA) installs a service to ensure the availability of the Self-Service and Admin sites. Consider the following guidelines when designating the account you want SPA to use:
- Ensure the SPA service account has administrator permission on the local computer.
- If you install Directory and Resource Administrator (DRA) and SPA on the same computer, the NetIQ Secure Password Administrator service account must have the act as part of the operating system permission. The setup program grants this permission during installation.
- Using the credentials of a member of the Secure Password Administrator AA group allows you to avoid specifying a SPA Override account. For more information, see ?Using a SPA Override Account? in the User Guide.
- If a trust does not exist between the domain in which you install the Secure Password Administrator Web server and the domain of your DRA Administration server, ensure you specify a member of the SPA Users AA group as a SPA Override account. For more information, see ?Using a SPA Override Account? in the User Guide.
- If you do not exclude the NetIQ Secure Password Administrator service account from company password expiration policies, ensure you regularly update the password. An invalid password stops the service from starting. Stopping the NetIQ Secure Password Administrator service makes the Self-Service and the Admin sites unavailable.
You can find and modify the NetIQ Secure Password Administrator service using the Services Administrative Tool. The service is named NetIQ Secure Password Administrator.
Additional Information
Formerly known as NETIQKB50312