Create Active Directory Groups and Service Accounts
Wood recommends that the following Active Directory groups and service accounts are created in advance of the NEXUS IC software installation process. These Active Directory groups and service accounts enable streamlined management of the security permissions on the database and the database backup location.
Create Active Directory Groups
Create a new Windows Active Directory group called NEXUS Backup Folder (or similar). This group will contain users who will be permitted to perform NEXUS Database Backups using the NEXUS IC software interface.
Create a new Windows Active Directory group called NEXUS Users (or similar), make it a member of NEXUS Backup Folder Active Directory Group. The NEXUS Users group will contain all users who require access to NEXUS.
If it doesn’t already exist, create a new Windows Active Directory group called SQL Admins. This group will contain users in your organisation who have been identified as the SQL Administrators.
Note
During SQL Server Setup, add the SQL Admins Active Directory group as an Administrator in the Setup Dialog.
Create Service Accounts
Create a new service account for running SQL Server called NEXUS_SQL_Account. The password on this account should not expire.
Add this service account to the NEXUS Backup Folder Active Directory group and the NEXUS Users Active Directory group.
When installing SQL Server, choose this account as the account to run the services, including SQL Agent and Browser.
For companies deploying IC-Web, create a new service account called NEXUS_Web_Account. The password on this account should not expire.
Add this service account to the NEXUS Users Active Directory group.