Kaspersky Security installation and management are based on the access rights granted to the account under which all actions on the application are performed. The rights required for Kaspersky Security installation and management are listed below.
Rights to manage Kaspersky Security
The account under which Kaspersky Security services will be run, must have the following set of rights:
You can grant rights to modify the SharePoint configuration and rights to website collections that need to be protected, using one of the two methods: manually or with a script.
Rights for installing Kaspersky Security
The account under which you run the application installation, must have the following set of rights:
Without the rights for creating groups in Active Directory, the application cannot create role-based control groups automatically. If these rights have not been granted to the account, you have to create role-based control groups manually.
Rights for SQL database preparation
Kaspersky Security uses the SQL database to store Backup configuration files and data. You can provide the account selected for SQL database preparation with access to the database using one of the following methods:
Users with the sysadmin role can perform any actions on the SQL server. If the account has been assigned the sysadmin role, the database can be created automatically during the application installation.
If the database was created manually before the application installation, you will need to specify this database in the SQL server connection settings during the application installation. Users with the db_owner role can perform any actions on the database.
The account intended for SQL database creation and preparation will be used only when the Application Installation Wizard is running. It will not be used after installation of Kaspersky Security is complete.
Rights for managing Kaspersky Security
The user account under which Kaspersky Security will be manged must have read and write rights to <application installation folder>\Configurations. By default, the account that has been granted the local administrator rights on the computer, has the read/write access in this folder.
Also, the account under which you run Management Console must be added to the Active Directory group, which corresponds to the user role.
Kaspersky Security cannot be managed without these rights.