cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

Local users and groups

Jump to solution

ePO version 5.3

I have been admin'ing ePO for about a year but I wasn't here when it was implemented at my organization, so I'm missing a couple pieces of info regarding local users and groups.

On the server that has ePO installed (using Windows 2012 R2), the below entries exist in the Local Users and Groups console:

Groups > ePO Pre Checker Grp

Includes:  ePO Service Account, local account with my predecessor's name

Groups > ePO User Group

Includes:  ePO Service Account, my domain account

 

Obviously, I want to get rid of the local account with my predecessor's name since he no longer works here.  It's not a domain account so either he created it manually or ePO created and assigned it and is still using it.  Is there any reason I need to keep this?  Is there any reason I need to keep either of these groups?  I don't know why my domain account is in one of the groups as I didn't add it. 

TYIA!

1 Solution

Accepted Solutions
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Local users and groups

Jump to solution

The ePO Pre Checker Grp was created by the pre-installation auditor tool and is populated with the account used for connection to the database.  Version 3.0 and up of that tool will delete that after the tool runs, like it is supposed to, but the older versions aren't doing that.  So yes, that can be removed.


The ePO User Group is needed and is populated wtih the account that connects to the database (core/config) and is also used for the account used to deploy agents.  Those Windows acocunts must have "Allow logon locally" permissions to the ePO server or agent handler in order to impersonate that account and authenticate to the client.  So that group must remain.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

3 Replies
McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Local users and groups

Jump to solution

The ePO Pre Checker Grp was created by the pre-installation auditor tool and is populated with the account used for connection to the database.  Version 3.0 and up of that tool will delete that after the tool runs, like it is supposed to, but the older versions aren't doing that.  So yes, that can be removed.


The ePO User Group is needed and is populated wtih the account that connects to the database (core/config) and is also used for the account used to deploy agents.  Those Windows acocunts must have "Allow logon locally" permissions to the ePO server or agent handler in order to impersonate that account and authenticate to the client.  So that group must remain.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Re: Local users and groups

Jump to solution

Thanks for the reply and info!

McAfee Employee cdinet
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Local users and groups

Jump to solution

anytime!  Glad to assist

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

MPower Badge Now Available
Customers attending MPower can earn a community badge. Check into the MPower forum and say hi to have the badge awarded to your community profile.