Defining the Web Client Account and Service Account

Ivanti Endpoint Security requires two user accounts to operate critical components: a Web client account and a service account.

Ivanti recommends creating new local user accounts to use as Web client and service accounts (as defined in the installation procedures). However, you can also use preexisting local or domain accounts. When using preexisting local or domain accounts, certain requirements must be fulfilled. Remember the following rules if you use preexisting user accounts when installing Ivanti Endpoint Security using a remote instance of SQL Server:

• In cross-domain network configurations, accounts from either domain may be used as the Web client and service accounts, but the domains must have a trust relationship.
• Any install in which either the Ivanti Endpoint Security server or the SQL server is in a workgroup must use local accounts as the Web client and service accounts.
• When using local accounts as the Web client and service accounts, there must be a duplicate of each account on each server. For example, if the Ivanti Endpoint Security server hosts an account named serviceadmin with a password of Password.0, then the SQL server must host an account called serviceadmin with a password of Password.0.
• When using a domain account for the service accounts it must also belong to the local Administrator group in order to run critical services including Internet Information Services (IIS).

You can use existing user accounts as the Web client account and service account. However, Ivanti recommends creating new accounts specifically for Ivanti Endpoint Security using the installer (if using a remote SQL Server instance, manual creation of identical accounts is required). Creating accounts specifically for the product increases security and automates creation of trust relationships.