Proxy Rights Group Permissions
The Proxy Rights Group is responsible for holding permissions and privileges necessary for the File Dynamics Proxy user account.
Windows Servers
File Shares
Each file share managed by File Dynamics must have the Proxy Rights Group assigned with Full Control to the share itself.
Built-in Administrators Group
Some system calls used by File Dynamics require membership in each managed Windows server's BUILTIN\Administrators local group. This group membership also provides a number of user rights and privileges required by the proxy account for proper operation with each managed Windows server.
When you install and configure the Engine or Agent components from File Dynamics on a domain member server, the configuration tools grant the Proxy Rights group membership in the built-in Administrators group on that member server.
For other servers in the domain that are hosting storage managed by File Dynamics, you must grant Proxy Rights group membership in the built-in Administrators group.
NAS File Servers
See NAS Device Considerations for details on the Proxy Rights Group permissions and group memberships requirements for NAS devices.
Active Directory
Proxy Rights Group Permissions
The Proxy Rights Group requires the following access at the root of each domain in the forest:
|
Access |
Applies To |
Notes |
|---|---|---|
|
Read |
This object and all descendants |
Required for basic management and navigation |
|
Replicating Directory Changes |
This object only |
Required for Event Monitor 1 |
|
Read/Write ccx-FSFAuxiliaryStorage |
Descendant ccx-FSFManagedPathAttributes |
Required for management of File Dynamics Auxiliary policy schema extensions 2 |
|
Read/Write ccx-FSFManagedPath |
Descendant ccx-FSFManagedPathAttributes |
Required for management of File Dynamics Collaborative policy schema extensions 2 |
|
Read/Write objectClass |
Descendant user, group objects |
Required for managing auxiliary class custom schema extensions for user Auxiliary and group Collaborative storage management 2 |
|
Read/Write homeDirectory |
Descendant user objects |
Required for management of home directory attributes |
|
Read/Write homeDrive |
Descendant user objects |
Required for management of home directory attributes |
-
This permission only applies to the domain root. Additionally, it is only needed if the File Dynamics Event Monitor for AD is installed.
-
These permissions only apply when using User Auxiliary or Collaborative storage policies and the custom schema extensions have been applied.
Delegated Administration
For environments requiring delegated administration in Active Directory, apply the previous list of rights to the specific containers where management by File Dynamics is allowed to operate.
You can then remove any assigned permissions from the domain root as necessary.
NOTE: The Replicating Directory Changes permission only works on the domain root and cannot be delegated to any subcontainers.