Configuring Active Directory Groups to Connect the Recording Service with Recorders
Windows authentication is used to authorize the connection between the Recording Service and the Recorder instances installed on users' workstations.
Before you begin
Make sure the computers on which the Recording Service and Recorder will be installed meet the following requirements:
- All workstations on which a Recorder is to be installed and the server on which the Recording Service will be installed must be members of the same Active Directory domain.
- The user accounts that will be used for working with the applications have been added into the corresponding Active Directory groups. You can use an existing security group or create the following security groups in Active Directory:
- Recording Service admin group (e.g. Recorder-admin)
Assign this group full control to the Recording Service web application. Then add user accounts to the group to grant them admin access to the Recording Service web application. - Recorder writers (e.g. Recorder-writer)
Assign this group write access to the Recording Service. Then add user accounts to the group to grant their Recorder instances write access to the Recording Service web application. This will allow Recorder instances to send logs to the Recording Service.
When installing the Recording Service, in the AD Security step, specify the names of the configured groups.
- Admin AD Security group
Members of this group obtain admin access to the Recording Service website. - Recorder AD Security group
Members of this group obtain write access to the Recording Service component. Both local and Active Directory groups and accounts can be used.
If you install the program in a production environment, it is recommended to specify existing Active Directory security groups or groups you created before the installation, e.g., Recorder-admin and Recorder-writer.
For testing purposes, you may specify a user account(s):
- Domain user
Format: Domain\UserName
To display the domain and username of the person who is currently logged on to the computer, open the Command Prompt (Start > Run > cmd) and type whoami. - Local group or user
Format: ComputerName\GroupName or ComputerName\UserName
To display the computer name, open the Command Prompt (Start > Run > cmd) and type hostname.
Note. You may create a local group, add domain users or groups to it, and specify this group to the Admin AD Security group field. - Everyone — if you do not want to restrict access to the Recording Service website
Format: Everyone
You can change AD Security Groups configuration later. For more information, see the "How to Change AD Security Groups that Have Access to the Recording Service Resources" section below.
22.09.2023 8:59:47