Contents

Data capture accounts

ActiveEfficiency uses various remote data sources to retrieve information from the network to share with other 1E products. Access to the data source requires one or more data capture account.

Data capture accounts should be a domain accounts and have the following permissions when used with the Windows Task Scheduler:

  • Log on as batch job (mandatory)
  • Deny logon locally
  • Access the computer from the network
  • Log on as service

Running the Scout

The Scout runs under a data capture account and uses this to authenticate with its data sources through impersonation. The Scout can be run in different modes to access the different data sources. These calls to the Scout executable would normally be gathered together into a single batch file and then run using a Windows scheduled task. The batch file can also include integration and synchronization steps for use with AppClarity in order to schedule these with the Scout steps. The Scout can be run multiple times with different data capture accounts at different frequencies for each data source if required.

For convenience when running ActiveEfficiency for use with AppClarity 5.2, you may also want to configure the data capture account so that it can also run the AppClarity Connector Synchronizer. This is enabled by making the data capture account an AppClarity administrator – please refer to AppClarity 5.2 - Managing users for more details.

Scout ConfigMgr access

To retrieve information from ConfigMgr, a Scout data capture account must have:

  • db_datareader on the ConfigMgr database.

To enable the service account to access the ConfigMgr database, on the server where the ConfigMgr database is located:

  1. Open SQL Server Management Studio.
  2. Expand the  Security node and select the Logins node.
  3. Right-click and from its context menu, select New Login...
  4. In the  Login - New dialog, enter the login name for the service account and click  OK.
  5. Expand the ConfigMgr Site database, expand the  Security node and select the Users node.
  6. Right-click and from its context menu, select New User...
  7. In the  Database User - New dialog under General, enter the service account as the Login name.
  8. From the  Database role membership listselect the db_datareader option.
  9. Click  OK  to add the new user with the selected db_datareader permission.

Scout iQSonar Access

To retrieve information from iQSonar a Scout data capture account must have:

  • db_datareader on the iQSonar database.
  • execute on the dbo.DatabaseVersion_re stored procedure.

To enable the service account to access the iQSonar database on the server where the iQSonar database is located:

  1. Open SQL Server Management Studio.
  2. Expand the  Security node and select the  Logins node.
  3. Right-click and from its context menu, select New Login...
  4. In the  Login - New dialog, enter the login name for the service account and click  OK.
  5. Expand the iQSonar Site database, expand the  Security node and select the  Users node.
  6. Right-click and from its context menu, select New User...
  7. In the  Database User - New dialog under General, enter the service account as the Login name.
  8. From the  Database role membership list, select the db_datareader option.
  9. Click OK to add the new user with the selected db_datareader permission.

Scout Server access for Windows servers

The Scout data capture account must either be a local administrator on the remote servers or it needs the following remote DCOM access permissions on the remote servers: 

  • Remote Access under Access Permissions
  • Remote Launch under Launch and Activation Permissions
  • Remote Activation under Launch and Activation Permissions

Set the following WMI permissions for the account on the root\cimv2 namespace on each server:

  • Execute Methods
  • Enable Account
  • Remote Enable

For SQL servers, set the above WMI permissions on the following namespaces (one namespace will be on each SQL server, which one is dependent on the SQL version):

  • root\Microsoft\SqlServer\ComputerManagement11
  • root\Microsoft\SqlServer\ComputerManagement10
  • root\Microsoft\SqlServer\ComputerManagement

Scout Server access for Linux servers

The Scout data capture account does not require any specific permissions when retrieving data from Linux Servers. Account details are required for Linux server access but these must be specified in the Credentials.config file, as described in Configuring Server mode.

Nomad Single Site Download scripts

The data capture account used to run the Nomad SSD script will only require specific permissions for any technologies employed in the script.

Device Tagging scripts

The data capture account used to run the Device Tagging script will only require specific permissions for any technologies employed in the scripts.