Page 1 of 1

Service Account Rights

Posted: 2012-09-10 07:23
by norkmeister
Hi,

I've just started using this product and wanted to know what the minimum permission are and where they are required to run the service account with least privilege. I note that it installs as LOCAL SYSTEM and so have been adding the service account as a member of the local Administrators group, but I'd prefer to have an account with less privilege if it is supported. Is this documented anywhere?

Regards,
Jeremy.

Re: Service Account Rights

Posted: 2012-09-10 08:10
by mattg
What exactly are you hoping to achieve?
Why are you adding this user to the administrator group?
What is wrong with the default 'system' user (unless you have remote storage and/or remote database)?

In answer...
The user that the service runs under will need:-
read / write access to the database (whichever database you choose)
read / write access to the data directory
Read only access to the rest of the hMailserver branch of the file system

You should also allow only ports through the firewall, not the program

There may be other things required if you use a webmail.

Re: Service Account Rights

Posted: 2012-09-10 08:46
by norkmeister
mattg wrote:What exactly are you hoping to achieve?
Why are you adding this user to the administrator group?
What is wrong with the default 'system' user (unless you have remote storage and/or remote database)?

In answer...
The user that the service runs under will need:-
read / write access to the database (whichever database you choose)
read / write access to the data directory
Read only access to the rest of the hMailserver branch of the file system

You should also allow only ports through the firewall, not the program

There may be other things required if you use a webmail.
Correct. I want to use a remote SQL server with Windows authentication and not use the Computer Account to provide access. Thanks for the info.