Verifying that You Have Active Directory Permissions
Many of the procedures in this guide add or modify Active Directory user, group, and computer accounts. You should verify you have the appropriate Active Directory permissions to make these kinds of changes in the evaluation environment. If you are not an Active Directory administrator or a domain administrator, you might not have access to the domain controller or sufficient permission to modify Active Directory objects and attributes.
To conduct the evaluation, have an Active Directory administrator create an organizational unit for you to use and delegate full control of the organizational unit to you. For more information about creating an organizational unit and delegating control, see the following topics:
-
Creating an organizational unit for IBM Security
-
Delegating control for the IBM Security organizational unit
In addition to the organizational unit for IBM Security objects, you need to have Log on as a service user access rights to start the Zone Provisioning Agent included in the package.
To confirm that your account has “Log on as a service” access rights
-
Open the Windows Administrative Tools Local Security Policy.
-
Expand the Local Policies node and select User Rights Assignments.
-
Scroll down to Log on as a service and double-click to display properties for this right.
-
Click Add User or Group.
-
Type the user or group name or click Browse to search for and select your account, then click OK to add this right to your account in the Local Security Setting.