
Accounts and Security

This guide will walk you through the process of planning and preparing the security objects required by Critical Manufacturing MES.

Cluster Objects

When preparing clusters to host Critical Manufacturing, the account running the Cluster Preparation wizard must have permission to create a computer object in Active Directory, or those objects must be created in advance. For further instructions, please refer to this Microsoft article.

Critical Manufacturing Windows Services Account

All Critical Manufacturing services are created to run under an account that is configured at deployment time in the installation wizard. To better understand Service User Accounts, please refer to this section of the Microsoft documentation.

As a reminder, please make sure that your service user account:

  • Has been granted the Log on as a service permission on the host computer
  • Has permissions to access the network shares and the deployment folder
  • If Remote Shipping is used, is able to read/write the queues created for Remote Shipping
  • Has a password that never expires, or there is a company mechanism to renew it before it expires
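
The following PowerShell script is an added example, not part of the Critical Manufacturing documentation or installer; it checks the first and last items of the checklist above on the host computer. It assumes a domain account, the RSAT ActiveDirectory module, and an elevated session; the account name `svc-cmf-mes` is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-installation checks for the MES service account.
# Assumptions: domain account, RSAT ActiveDirectory module available.
param(
    [string]$SamAccountName = 'svc-cmf-mes'   # hypothetical placeholder name
)

Import-Module ActiveDirectory
$user = Get-ADUser -Identity $SamAccountName `
    -Properties PasswordNeverExpires, 'msDS-UserPasswordExpiryTimeComputed'
$sid = $user.SID.Value

# 1. "Log on as a service" (SeServiceLogonRight) in the effective local policy.
#    secedit writes the export as UTF-16, one "Right = *SID,*SID,..." line per right.
$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Get-Content -Path $cfg -Encoding Unicode |
    Where-Object { $_ -match '^SeServiceLogonRight\s*=' } |
    Select-Object -First 1
Remove-Item -Path $cfg -Force

$holders = @()
if ($line) {
    $holders = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim().TrimStart('*') }
}
# Direct grants only: a right held through group membership is not detected,
# so a $false here means "check the groups", not necessarily "missing".
$hasLogonRight = ($holders -contains $sid) -or ($holders -contains $SamAccountName)

# 2. Password expiry: either it never expires, or report the date so the
#    renewal mechanism can be scheduled before it.
$neverExpires = [bool]$user.PasswordNeverExpires
$expiresOn = $null
if (-not $neverExpires) {
    $raw = [int64]$user.'msDS-UserPasswordExpiryTimeComputed'
    if ($raw -gt 0 -and $raw -lt [int64]::MaxValue) {
        $expiresOn = [datetime]::FromFileTime($raw)
    }
}

[pscustomobject]@{
    Account              = $SamAccountName
    LogOnAsServiceDirect = $hasLogonRight
    PasswordNeverExpires = $neverExpires
    PasswordExpiresOn    = $expiresOn
}
```

Access to the network shares, the deployment folder and the Remote Shipping queues is best confirmed from a session running as the service account itself, since ACL inspection alone misses permissions granted through groups.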

SQL Server Accounts

If the database system was deployed in Always On Availability Groups, it is fundamental to run all instances of the same component (e.g. Database Engine) under the same account. Additionally, unless a critical security requirement forces otherwise, it is recommended to use the same account for all the SQL Server components:

  • Microsoft SQL Server User Account
  • Microsoft SQL Server Analysis Service User Account
  • Microsoft SQL Server Reporting Services User Account

If the account hosting Reporting Services is not the same as the one hosting Critical Manufacturing services, the Critical Manufacturing services user must be granted administration privileges in Reporting Services.