Scenario of application deployment with the full set of access privileges
This deployment scenario is suitable for you if you have sufficient privileges to perform all installation operations on your own without the assistance of other specialists and if your account has the appropriate set of access rights.
To deploy the application with the full set of access rights:
Make sure that the account intended for deploying the application is included in the local "Administrators" group on the Microsoft Exchange server on which you are deploying the application. If not, include the account in this group.
Make sure that the account intended for deploying the application is included in the "Domain Administrators" and "Enterprise Administrators" groups. If not, include the account in these groups. This is needed in order for the Installation Wizard to be able to create a configuration storage and a role-based access group in Active Directory.
Assign the sysadmin role on the SQL server to the account intended for preparing the database. These rights are required to create and configure the database.
Add the account intended for launching the service to the local "Administrators" group on the Microsoft Exchange server on which you are deploying the application.
If you previously removed the Debug Programs permission granted to the Administrators group by default, grant this permission to the user account under which the service is intended to run.
Add the account intended for launching the service to the Organization Management group. This is required for the application to retrieve the configuration settings of the Microsoft Exchange server.
Assign dedicated user roles to the accounts owned by users who perform corresponding duties in your company. To do this, add user accounts to the following account groups in Active Directory:
Add administrator accounts to the Kse Administrators group.
Add the accounts of security officers to the Kse Security Officers group.
Add the accounts of anti-virus security officers to the Kse AV Security Officers group.
Add the accounts of anti-virus security operators to the Kse AV Operators group.
Perform replication of Active Directory data across the entire organization. This is required in order for application settings saved in Active Directory to become available for subsequent installations of the application on other Microsoft Exchange servers at your organization.
If the application is installed with or works with an SQL database configured with AlwaysOn technology, you must synchronize the rights between all servers that belong to the database mirroring group.