HP Tc4100 Hewlett-Packard VA 7100/7400 Microsoft Cluster Services Installation - Page 26

Create the Cluster Service Domain Account, Service Group, OU Group Policy, Introduction - server driver



VA 7100/7400 Cluster Installation Guide (10/12/01, page 23)

4 Create the Cluster Service Domain Account, Service Group, OU Group Policy

Introduction

The procedure in this chapter should be performed by a Network Administrator familiar with Windows 2000 Group Policies and Security.

General Information

The cluster service on each cluster node will run under the security context of a domain user account. This account must be created in the customer organizational unit (OU) and named OUName clusteradmin. In addition, a new user group called OUName Cluster Group must be created in the customer OU (ensure that the Group Scope is set to Global and the Group Type is set to Security). This user account must have the following local rights on each cluster node:

• Act as part of the operating system
• Back up files and directories
• Increase quotas
• Increase scheduling priority
• Load and unload device drivers
• Lock pages in memory
• Log on as a service
• Restore files and directories

These local rights will be implemented via a Group Policy created later in this chapter.
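
The following is an added example, not part of the HP guide: a check that a node's user-rights assignment gives the cluster group the eight rights listed above and shows any other rights it holds. It assumes the node's policy was exported as a security template (for instance with `secedit /export /cfg`); the sample text and GROUP_SID are constructed.

```python
import re

# Template constant names for the eight local rights listed in the guide.
REQUIRED_RIGHTS = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeBackupPrivilege": "Back up files and directories",
    "SeIncreaseQuotaPrivilege": "Increase quotas",
    "SeIncreaseBasePriorityPrivilege": "Increase scheduling priority",
    "SeLoadDriverPrivilege": "Load and unload device drivers",
    "SeLockMemoryPrivilege": "Lock pages in memory",
    "SeServiceLogonRight": "Log on as a service",
    "SeRestorePrivilege": "Restore files and directories",
}

def parse_privilege_rights(inf_text):
    """Return {right: set of principals} from the [Privilege Rights] section."""
    rights, section = {}, None
    for line in map(str.strip, inf_text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "privilege rights" and "=" in line and line[0] != ";":
            name, _, value = line.partition("=")
            # Comma-separated principals; SIDs carry a leading '*'.
            rights[name.strip()] = {m.strip(" *").lower()
                                    for m in value.split(",") if m.strip()}
    return rights

def audit_principal(inf_text, principal):
    """Return (required rights the principal lacks, other rights it holds)."""
    who = principal.strip(" *").lower()
    held = {r for r, m in parse_privilege_rights(inf_text).items() if who in m}
    return sorted(set(REQUIRED_RIGHTS) - held), sorted(held - set(REQUIRED_RIGHTS))

# Constructed sample: GROUP_SID is a made-up SID; S-1-5-32-544 is Administrators.
GROUP_SID = "S-1-5-21-1111111111-2222222222-3333333333-1105"
SAMPLE_INF = f"""[Privilege Rights]
SeTcbPrivilege = *{GROUP_SID}
SeBackupPrivilege = *S-1-5-32-544,*{GROUP_SID}
SeIncreaseQuotaPrivilege = *S-1-5-32-544,*{GROUP_SID}
SeIncreaseBasePriorityPrivilege = *S-1-5-32-544
SeLoadDriverPrivilege = *S-1-5-32-544,*{GROUP_SID}
SeServiceLogonRight = *{GROUP_SID}
SeRestorePrivilege = *S-1-5-32-544,*{GROUP_SID}
SeDebugPrivilege = *S-1-5-32-544,*{GROUP_SID}
[Version]
signature="$CHICAGO$"
"""
print(audit_principal(SAMPLE_INF, GROUP_SID))
```

An exported template is normally UTF-16 encoded, so decode the file before passing its text to `audit_principal`. Rights reported in the second list fall outside the eight the guide requires and are worth reviewing against the Cluster GPO.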

NOTE: Ensure that the customer OU already exists. It should have been created when the first server for the customer site was provisioned. Do not manually create the OU.

The domain user account (OUName clusteradmin) to be created can also be used for the SQL server service and SQL server agent service in the SQL server cluster environment (unless the Local System account is used instead). The new user group (OUName Cluster Group) to be created is a global security group and will initially have only one member, the domain user account OUName clusteradmin. The global security group, however, is a container designed to hold additional cluster user accounts. If the customer installs additional clusters into their architecture, this group will already have the appropriate user rights set by a Cluster GPO, and no additional security changes will be required.

This group (OUName Cluster Group) must also be made a member of the Service Accounts universal security group located in the user container for the domain.

Preliminary Operations

Ensure that all requirements detailed in chapters 2 and 3 have been thoroughly reviewed and successfully completed before proceeding to the Account/Group Creation Procedure.