Changing an Administration Server service account. Utility tool klsrvswch

If you have to change the Administration Server service account that was set during installation of Kaspersky Security Center, you can use a utility named klsrvswch that is designed for changing the Administration Server account.

When Kaspersky Security Center is installed, the utility is automatically copied to the application installation folder.

The number of launches of the utility is essentially unlimited.

You must launch the klsrvswch utility on the Administration Server device under the account with administrator rights that was used to install Administration Server.

The klsrvswch utility allows you to change the account type. For example, if you use a local account, you can change it to a domain account or to a managed service account (and vice versa). The klsrvswch utility does not allow you to change the account type to group managed service account (gMSA).

Windows Vista and later Windows versions do not allow the use of a LocalSystem account for the Administration Server. In these Windows versions, the LocalSystem account option is inactive.

To change an Administration Server service account to a domain account:

  1. Launch the klsrvswch utility from the installation folder of Kaspersky Security Center. The default installation path: <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.

    This action also launches the wizard for modification of Administration Server service account. Follow the instructions of the wizard.

  2. In the Administration Server service account window, select LocalSystem account.

After the wizard finishes, the Administration Server account is changed. The Administration Server service will start under the LocalSystem Account and use its credentials.

Correct operation of Kaspersky Security Center requires that the account used to start the Administration Server service has administrator rights to the resource where the Administration Server database is hosted.

To change an Administration Server service account to a user account or a managed service account:

  1. Launch the klsrvswch utility from the installation folder of Kaspersky Security Center. The default installation path: <Disk>:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Center.

    This action also launches the wizard for modification of Administration Server service account. Follow the instructions of the wizard.

  2. In the Administration Server service account window, select Custom account.
  3. Click the Find now button.

    The Select User window opens.

  4. In the Select User window, click the Object Types button.
  5. In the object types list, select Users (if you want a user account) or Service Accounts (if you want a managed service account) and click OK.
  6. In the object name field, enter the name of the account, or a part of the name, and click Check Names.
  7. In the list of the matching names, select the necessary name, and then click OK.
  8. If you selected Service Accounts, in the Account password window, leave the Password and Confirm password fields blank. If you selected Users, enter a new password for the user and confirm it.

The Administration Server service account will be changed to the account that you selected.

When Microsoft SQL Server is used in a mode that presupposes authenticating user accounts with Windows tools, access to the database must be granted. The user account must have the status of owner of the Kaspersky Security Center database. The dbo schema is used by default.

Page top