Creating User Accounts for DSM

The DSM Services need user accounts to perform their tasks and to access the depots and Management Points. We recommend creating the following domain user accounts. Depending on the account, you may also use the SYSTEM account or an AD computer account instead of the domain account. Find further details on the required rights in Chapter Share and File System Permissions.

User account for the BLS Authentification (Management Point)
The user account for BLS authentication is required for the installation of the Business Logic Server and access to the web services.

User account for the Distribution Service (Management Point)
The Distribution Service is responsible for the distribution of the packages in the depots.

User account for the Service Installation Service (Management Point)
The Service Installation Service is required to install DSM clients without using OSD when a registered user does not have the necessary rights.

User account for the DSM Runtime Service (managed computer)
The DSM Runtime Service ensures that client management tasks can be performed, even if a logged-on user has restricted rights.

User account for the DSM Client's depot access (managed computer)
The account for the depot access is used in all instances where depot access cannot be executed by the logged-in user.

User account for the Client Proxy's depot access (managed computer)
The account for the Client Proxy is used by DSM OS Deployment for depot access during an OS installation.

User account of the Supervisor (DSM Console)
The user account of the Supervisor authorizes for the unlimited use of the DSM Console (DSMC). The Supervisor can be any AD user. The system assigns automatically Supervisor rights to this account.

User group for the access to the private key
The user group is allowed to read the private key for decrypting passwords.