Preparation Steps to Apply an Upgrade or Cumulative Release (CR) of the SSO Server by a Different User than the one who Initially Installed it.

Document ID : KB000051141
Last Modified Date : 14/02/2018
Show Technical Document Details



Typically all installation and update tasks are performed by the very same administrative user account.

This document is describing how to apply an update or a newer Cumulative Release to the SSO Server while being logged on to the local OS as a different user than the one who initially installed the SSO Server.


Make sure the new user is member of the "Domain Admins" and/or local "Administrators" group.

Add a synonym of this user account to the local Administrative Datastore in the SSO Server using the Policy Manager.

Ensure the following settings are met:

Figure 1

Figure 2

Figure 3

If it is wanted to also logon with this user to the Policy Manager, also set the EAC password accordingly.

Alternatively it is also possible to submit these selang commands instead:

nu ("ACME\\SubAdmin") auth_type ("Method20") nonative
eu ("ACME\\SubAdmin") interval (0) grace- admin Password("ChangeThis") nonative
authorize TERMINAL ("") uid ("ACME\\SubAdmin") access ("a")
join ("ACME\\SubAdmin") group ("_ps-adms")
Adjust the relevant values for 
ACME = Windows Domain
SubAdmin = Login Name for the newly created administrative account
ChangeThis = Password to be used for this user

Next logoff from the SSO Server console and logon in this case as ACME\SubAdmin to perform the update.

Note that this procedure is valid only for SSO r8.1 CR 20, SSO r12.0 CR4 and SSO r12.0 GA and newer.