Installing UIM Using Windows Domain Account

Document ID : KB000035068
Last Modified Date : 20/02/2018
Introduction:

When a customer needs to use a Windows domain account as per their company policy, there are specific rights that are required for the install to continue.

Background:
If the customer decides to use an Active Directory account (service account) to connect to the SQL Server database in the database setup section of the UIM install, the installer sets up the Nimsoft Robot Watcher service to run as that AD account.
 
Instructions:

This service account needs to be set up on the Windows server with the following rights and group membership for NMS:

1- Log on as a service
2- Allow log on locally
3- Member of local Administrators group
4- SQL Server login account for domain user used in NMS install


1.  Log on as a service

Under Start->Administrative Tools->Local Security Policy, open Local Policies/User Rights Assignment, then open Log on as a service and verify that your user is defined there.


Note that as of v5.6.1 of UIM, your domain user WILL BE ADDED during installation.

2.  Now open Allow log on locally and verify that your domain user is defined.

3.  Member of local Administrators group
Make sure that on your UIM server, your user is a member of the local administrators group.

4.  Create a SQL Server login for the domain account/service account

You can assign items 1 & 2 using Local Security Policy. For item 3 above, by default the Domain Admins group is a member of the local Administrators group. For item 4, you need to open SQL Server Management Studio to create a SQL Server login for the domain account with appropriate permissions.

Once the above is configured, you can run the UIM installer, specifying an Active Directory account in the database section.

Make sure that you specify the AD user with Domain\User syntax.

Additional Information:

Note 1: If installing UMP on a different host from the UIM host, change the service login to match the Nimsoft Robot Watcher service login defined on the UIM host.

Note 2: If "Log on as" is changed in the Control Panel's Services section for Nimsoft Watcher Service, the added account will be granted the Log on as a service right by the operating system.

Note 3: It has been found that the connection test to the SQL database will fail if the domain account does not have the "Log on as a batch job" user right. This is enabled by default for the administrators group. If this right is removed, the database connection test will fail with a credential error.
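
The following PowerShell preflight check is an added example, not part of the original article or any vendor tooling. It verifies items 1 to 3 and the batch-logon right from Note 3 for one account; `EXAMPLE\svc_uim` is a placeholder, the service display name is taken from the text above, and the SQL Server login (item 4) is not checked.

```powershell
# Added example, not vendor code. EXAMPLE\svc_uim is a placeholder account.
# Run from an elevated PowerShell 5.1+ session on the UIM server.
param([string]$Account = 'EXAMPLE\svc_uim')

$sid = [System.Security.Principal.NTAccount]::new($Account).Translate(
    [System.Security.Principal.SecurityIdentifier]).Value
$adminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

# Item 3: direct membership of local Administrators. Membership that comes
# only through a nested domain group is not expanded by this cmdlet.
$isAdmin = [bool](Get-LocalGroupMember -SID $adminsSid |
    Where-Object { $_.SID.Value -eq $sid })

# Export the user rights assignment and index it by privilege constant.
$inf = Join-Path $env:TEMP 'uim-user-rights.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
$rights = @{}
foreach ($line in Get-Content $inf) {
    if ($line -match '^(Se\w+)\s*=\s*(.*)$') {
        # Holders are comma-separated; SIDs carry a leading '*'.
        $rights[$Matches[1]] = @($Matches[2].Split(',') |
            ForEach-Object { $_.Trim().TrimStart('*') })
    }
}
Remove-Item $inf

# Items 1 and 2, plus the batch-logon right from Note 3.
$required = [ordered]@{
    SeServiceLogonRight     = 'Log on as a service'
    SeInteractiveLogonRight = 'Allow log on locally'
    SeBatchLogonRight       = 'Log on as a batch job'
}
$results = @(foreach ($name in $required.Keys) {
    $holders = @($rights[$name])
    # Granted directly, or inherited through local Administrators.
    $ok = ($holders -contains $sid) -or
          ($isAdmin -and ($holders -contains $adminsSid))
    [pscustomobject]@{ Check = $required[$name]; Pass = $ok }
})
$results += [pscustomobject]@{ Check = 'Local Administrators member'; Pass = $isAdmin }

# After installation: the watcher service should run as the same account.
$svc = Get-CimInstance Win32_Service -Filter "DisplayName='Nimsoft Robot Watcher'"
if ($svc) {
    $results += [pscustomobject]@{
        Check = "Service logon ($($svc.StartName))"; Pass = ($svc.StartName -eq $Account) }
}
$results | Format-Table -AutoSize
```

The service row appears only once the installer has created the service, and the comparison expects the logon name in Domain\User form.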