Description
In environments where local non-domain accounts are not permitted, it is necessary to replace local admin accounts with domain service accounts to comply with security policies. This guide explains how to replace the local accounts (esaDocImager and EsaPrizmDocAdmin) used by PrizmDoc services on an eDiscovery server with domain service accounts. Following these steps ensures that the PrizmDoc services continue to function correctly while adhering to organizational security requirements.
How To Replace Local Admin Accounts with Domain Service Accounts for PrizmDoc Services
Understand the Context
- The local accounts
esaDocImagerandEsaPrizmDocAdminare used by PrizmDoc services on the eDiscovery server. - These accounts have been flagged as non-compliant because they are local, non-domain accounts.
- The goal is to replace these accounts with domain service accounts while ensuring uninterrupted service functionality.
- The local accounts
Preparation
- Identify or create domain service accounts that will replace the local accounts.
- Ensure the domain service accounts have the necessary permissions to run the PrizmDoc services.
- Review the PrizmDoc Administration Guide (refer to pages 7 and 8) for considerations and prerequisites.
- Refer to the eDiscovery Platform (eDP) Installation Guide for the ESAImage helper prerequisites.
Steps to Replace Local Accounts
a. Stop PrizmDoc Services- Log in to the eDiscovery server.
- Open the Services console (
services.msc). - Stop the following services:
EsaPrizmApplicationServicesEsaPrizmDocServer
b. Update Service Logon Accounts
- In the Services console, locate the
EsaPrizmApplicationServicesservice. - Right-click the service and select
Properties. - Navigate to the
Log Ontab. - Select
This accountand enter the credentials for the domain service account. i.e.domain\cwappadmin. - Repeat the above steps for the
EsaPrizmDocServerservice.
c. Verify Permissions
- Ensure the domain service accounts have the necessary permissions to access required directories and resources.
- Grant the domain accounts access to any folders or files previously accessed by the local accounts.
d. Restart PrizmDoc Services
- Return to the Services console.
- Start the
EsaPrizmApplicationServicesandEsaPrizmDocServerservices.
Validation
- Verify that the PrizmDoc services are running without errors.
- Test the functionality of the eDiscovery server to ensure that PrizmDoc services are operating as expected.
Documentation and Compliance
- Document the changes made, including the details of the domain service accounts used.
- If necessary, share the updated configuration with the IT security team to confirm compliance with organizational policies.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.