On the first page of the configuration wizard you can specify the service startup account and TCP port for DeviceLock Enterprise Server.

First of all, you should choose an account under which the DeviceLock Enterprise Server’s service will start. As many other Windows services, the DeviceLock Enterprise Server’s service can start under the special local system account (the SYSTEM user) and on behalf of any user.

To start the service under the SYSTEM user, select the Local System account option. Keep in mind that the process working under the SYSTEM user can’t access shared network resources and authenticates on remote computers as an anonymous user. Therefore, DeviceLock Enterprise Server configured to run under the SYSTEM user is not able to store shadow files on the remote computer (e.g. on the file server) and it must use DeviceLock Certificate for authentication on DeviceLock Services running on remote computers.

For more details on authentication methods, see the Certificate Name parameter description.

To start the service on behalf of the user, select the This account option, enter the user’s account name and the password. It is recommended to use a user account that has administrative privileges on all the computers where DeviceLock Service is running. Otherwise, you will need to use DeviceLock Certificate authentication.

If you’re installing DeviceLock Enterprise Server in the domain environment, we recommend that you use a user account that is a member of the Domain Admins group. Since Domain Admins is a member of the local group Administrators on every computer in the domain, members of Domain Admins will have full access to DeviceLock Service on every computer.

Also, don’t forget that if DeviceLock Security is enabled on remotely running DeviceLock Services to protect them against local users with administrative privileges, the user’s account specified in the This account option must be also in the list of DeviceLock Administrators with Full access rights. Otherwise, you’ll need to use DeviceLock Certificate authentication.

You can instruct DeviceLock Enterprise Server to use a fixed TCP port for communication with the management console, making it easier to configure a firewall. Type the port number in Fixed TCP port. To use dynamic ports for RPC communication, select the Dynamic ports option. By default, DeviceLock Enterprise Server uses the 9133 port.