Scenario of application deployment with the full set of access privileges
This deployment scenario is suitable for you if you have sufficient privileges to perform all installation operations on your own without the assistance of other specialists and if your account has the appropriate set of access rights.
To deploy the application with the full set of access rights:
Make sure that the account intended for deploying the application is included in the local "Administrators" group on the Microsoft Exchange server on which you are deploying the application.
Make sure that the account intended for deploying the application is included in the "Domain Administrators" and "Enterprise Administrators" groups. If not, include the account in these groups. This is needed in order for the Installation Wizard to be able to create a configuration storage and a role-based access group in Active Directory.
If the application already has been installed on at least one computer on the enterprise LAN, all you need to install the application on other computers on the enterprise LAN is a local administrator account. In this case, the user account used for installing the application must be granted permissions to read the Microsoft Exchange configuration from the following Active Directory container and all its child objects: CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<root domain>
Assign the sysadmin role on the SQL server to the account intended for preparing the database. These permissions are required to create and configure the database. The user account must also have the Allow Logon Locally permission granted in the local security policy on the Microsoft Exchange server on which the application is being installed.
Add the account intended for launching the service to the local "Administrators" group on the Microsoft Exchange server on which you are deploying the application.
If you previously removed the Debug Programs permission granted to the Administrators group by default, grant this permission to the user account under which the service is intended to run.
Add the account intended for launching the service to the Organization Management group. This is required for the application to retrieve the configuration settings of the Microsoft Exchange server.
Assign dedicated user roles to the accounts owned by users who perform corresponding duties in your company. To do this, add user accounts to the following account groups in Active Directory:
Add administrator accounts to the Kse Administrators group.
Add the accounts of anti-virus security officers to the Kse AV Security Officers group.
Add the accounts of anti-virus security operators to the Kse AV Operators group.
Perform replication of Active Directory data across the entire organization. This is required in order for application settings saved in Active Directory to become available for subsequent installations of the application on other Microsoft Exchange servers at your organization.
When creating an SQL database, the server uses local collation rules. Take the Collation parameter into account when installing the application to avoid register-dependent behavior and errors when connecting to the database.
If the application is installed with or works with an SQL database configured with AlwaysOn technology, you must synchronize the rights between all servers that belong to the database mirroring group.