Active Directory Groups & Service Accounts

Wood recommend that the following Active Directory Groups and Service Accounts are created in advance of the NEXUS IC software installation process. These Active Directory groups and service accounts enable streamlined management of the security permissions on the database and the database backup location.

Active Directory Groups

SQL Admins AD Group

Note - during SQL Server Setup you should add the SQL Admins Active Directory group as an Administrator in the Setup Wizard.

  1. Create a new Windows Active Directory group called NEXUS Backup Folder (or similar). This group will contain users who will be permitted to perform NEXUS Database Backups using the NEXUS IC software interface.
  2. Create a new Windows Active Directory group called NEXUS Users (or similar), make it a member of NEXUS Backup Folder Active Directory Group. The NEXUS Users group will contain all users who require access to NEXUS.
  3. If it doesn’t already exist, create a new Windows Active Directory group called SQL Admins, this group should contain users in your organisation who have been identified as the SQL Administrators.

Service Accounts

  1. Create a new service account for running SQL Server called NEXUS_SQL_Account. The password on this account should not expire. Add this Service Account to the NEXUS Backup Folder Active Directory group and the NEXUS Users Active Directory group. When installing SQL Server, choose this account as the account to run the services, including SQL Agent and Browser.
  2. For companies deploying IC-Web, create a new service account called NEXUS_Web_Account. The password on this account should not expire. Add this Service account to the NEXUS Users Active Directory Group.