Installing DeviceLock : Installing DeviceLock Content Security Server : Perform Configuration and Complete Installation : Service account and connection settings
  
Service account and connection settings
On this page, you configure startup options for the DeviceLock Content Security Server service.
Log on as
First of all, you should choose an account under which the DeviceLock Content Security Server service will start. As with many other Windows services, the DeviceLock Content Security Server service can start under the special local system account (the SYSTEM user) and on behalf of any user.
To start the service under the SYSTEM user, select the Local System account option. Keep in mind that the process working under the SYSTEM user cannot access shared network resources and authenticates on remote computers as an anonymous user. Therefore, DeviceLock Content Security Server configured to run under the SYSTEM user is not able to access DeviceLock Enterprise Server running on the remote computer and it must use DeviceLock Certificate for authentication on it.
For more information about authentication methods, see description of the Certificate Name parameter.
 
Important: If the DeviceLock Content Security Server service is configured to run under the Local System account, DeviceLock Discovery Server cannot install or remove DeviceLock Discovery Agents on remote computers.
To start the service on behalf of the user, select the This account option, enter the user’s account name and the password. It is recommended to use a user account that has administrative privileges on all the computers where DeviceLock Enterprise Server is running. Otherwise, you will need to use DeviceLock Certificate authentication.
If you are installing DeviceLock Content Security Server in the domain environment, we recommend that you use a user account that is a member of the Domain Admins group. Since Domain Admins is a member of the local group Administrators on every computer in the domain, members of Domain Admins will have full access to every computer.
Also, consider the following:
If Default Security is disabled on a remote DeviceLock Enterprise Server, the user account specified in the This account option must be also in the list of server administrators with at least Read-only level of access on that DeviceLock Enterprise Server. Otherwise, the DeviceLock Certificate authentication needs to be used.
If if Default Security is disabled on a remote DeviceLock Service, the user account specified in the This account option must be also in the list of DeviceLock administrators with at least Read-only access rights on that DeviceLock Service. Otherwise, the DeviceLock Certificate authentication should be used or explicit credentials should be specified in the respective DeviceLock Discovery unit.
Connection settings
You can instruct DeviceLock Content Security Server to use a fixed TCP port for communication with the management console, making it easier to configure a firewall. Type the port number in Fixed TCP port. To use dynamic ports for RPC communication, select the Dynamic ports option. By default, DeviceLock Content Security Server uses port 9134.
Click Next to start the DeviceLock Content Security Server service and to proceed to the second page.