KB1122 - How to setup a domain account for Rolling Restart

Rolling Restart uses its multi-threaded service to communicate with and control restarts of servers and manage groups. In order to communicate with the Rolling Restart clients, the service requires Administrator permissions on the clients and the console. The Rolling Restart console installation software asks for the username to run the service with

.
What account should you use? There are two ways you can set this up:

  1. A Domain Admin account can be used for the service login account. This provides unequivocal access to all domain clients by default. Each domain-joined client already has the 'Domain Admins' group added to their Administrators group by default.

  2. A custom account can used, instead of a Domain Admin account, for the service login account. This account needs to be added to the Administrators group on the RR console and all RR clients.


Follow these instructions to setup a custom account that is not a member of the Domain Admins group:

1. Create a user in AD called “svc_rr” by running Active Directory Users and Computers on a DC

2. On the server running the RR console, follow these steps:

a. Open services.msc (or click Control Panel/Administrative Tools/Services)

b. Open the properties for the service “Rolling Restart”

c. Click the “Log On” tab and change the account and password to the “svc_rr” account

3. Now, for each client RR server, follow these steps:

a. Run lusrmgr.msc (or open Control Panel/User Accounts).

b. Click “Manage User Accounts”, click the Advanced tab, and then press Advanced)

c. Click on “Groups” in the left tree, then open the “Administrators” on the right

d. Click the Add button and enter the name of the AD user, “svc_rr”

e. Click OK and close the lusrmgr app

No questions yet.