SCOM Application level Permission

SCOM Application Permissions

  1. Check whether the particular run as account for the server is configured in Run as profile, if yes, move to next step
  2. Check with project team whether the Run as account have enough permissions and existing in Individual server, if nope ask them to provide

Run as account Privilege requirement:

Citrix                      –              Citrix Farm admin

SharePoint          –              SharePoint farm admin

SQL                        –              Sysadmin & local admin

Exchange             –              Exchange Admin

AD                          –              Domain Admin

BlackBerry           –              NA

Evault                    –              NA

Good link             –              NA

Lync                       –              Network Service account

Note: In SCOM we have a concept called Low privileged account, Eg: For AD Monitoring we don’t require exact Domain admin permission, the normal run as account will work till some extend for sure but for making it 100% we ask for Domain admin (Eg: AD replication services requires some additional permissions when your run as account has only local admin privileges). Otherwise we have to ask for exact client requirement for monitoring and have to add privileges one by one to fulfill the requirement.