cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Local users and groups

Jump to solution

ePO version 5.3

I have been admin'ing ePO for about a year but I wasn't here when it was implemented at my organization, so I'm missing a couple pieces of info regarding local users and groups.

On the server that has ePO installed (using Windows 2012 R2), the below entries exist in the Local Users and Groups console:

Groups > ePO Pre Checker Grp

Includes:  ePO Service Account, local account with my predecessor's name

Groups > ePO User Group

Includes:  ePO Service Account, my domain account

 

Obviously, I want to get rid of the local account with my predecessor's name since he no longer works here.  It's not a domain account so either he created it manually or ePO created and assigned it and is still using it.  Is there any reason I need to keep this?  Is there any reason I need to keep either of these groups?  I don't know why my domain account is in one of the groups as I didn't add it. 

TYIA!

1 Solution

Accepted Solutions
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Local users and groups

Jump to solution

The ePO Pre Checker Grp was created by the pre-installation auditor tool and is populated with the account used for connection to the database.  Version 3.0 and up of that tool will delete that after the tool runs, like it is supposed to, but the older versions aren't doing that.  So yes, that can be removed.


The ePO User Group is needed and is populated wtih the account that connects to the database (core/config) and is also used for the account used to deploy agents.  Those Windows acocunts must have "Allow logon locally" permissions to the ePO server or agent handler in order to impersonate that account and authenticate to the client.  So that group must remain.

3 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Local users and groups

Jump to solution

The ePO Pre Checker Grp was created by the pre-installation auditor tool and is populated with the account used for connection to the database.  Version 3.0 and up of that tool will delete that after the tool runs, like it is supposed to, but the older versions aren't doing that.  So yes, that can be removed.


The ePO User Group is needed and is populated wtih the account that connects to the database (core/config) and is also used for the account used to deploy agents.  Those Windows acocunts must have "Allow logon locally" permissions to the ePO server or agent handler in order to impersonate that account and authenticate to the client.  So that group must remain.

Re: Local users and groups

Jump to solution

Thanks for the reply and info!

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Local users and groups

Jump to solution

anytime!  Glad to assist