ControlSuite : What permissions are required for the Equitrac Service Account
What user rights / permissions are required for the Service account used to run the Equitrac Services and can services run as local system?
Many permissions are required for the Equitrac Service account. Amongst many, the account needs to talk between the Equitrac Services, read and write to the Equitrac Database, communicate to the Active Directory to allow authentication and user synchronisation, manage print jobs and communicate with Devices. The exact permissions are too many to name.
Therefore, Kofax recommends that the domain user account used to run the Equitrac services should have local administrator rights on the servers that host the Equitrac services. To communicate with the database Kofax also recommends DB owner rights to the database to allow reading and writing of information.
If a specific issue should arise and the Equitrac Service Account is found to not have local administrator rights, then the customer will be requested to re-apply local administrator rights permissions to the account to allow investigations to proceed.
ControlSuite also supports the use of local system for all services from version 6.1 and above unless there is a need for a service to write to a network share. To connect to the Equitac database see :
How to connect ControlSuite Equitrac 6.1 to the SQL database when using Local System to run the Core Accounting Service - Kofax