Configuring Active Directory Groups to Connect the Recording Service with Recorders
Windows authentication is used to authorize the connection between the Recording Service and the Recorder instances installed on users' workstations.
Make sure the computers on which Recording Service and Recorder will be installed meet the following requirements:
- All workstations on which Recorder is to be installed and the server on which the Recording Service will be installed must be members of the same Active Directory domain.
- The user accounts that will be used for working with the applications have been added into the corresponding Active Directory groups. You can use an existing security group or create the following security groups in Active Directory:
- Recording Service admin group (e.g. Recorder-admin)
Assign this group full control to the Recording Service web application. Then add user accounts to the group to grant them admin access to the Recording Service web application. - Recorder writers (e.g. Recorder-writer)
Assign this group write access to Recording Service. Then add user accounts to the group to grant their Recorder instances write access to the Recording Service web application. This will allow Recorder instances to send logs to Recording Service.
When installing Recording Service, in the Active Directory Security step, specify the names of the configured groups.
- Admin AD Security group
Members of this group obtain admin access to the Recording Service website. - Recorder AD Security group
Members of this group obtain write access to the Recording Service component. Both local and Active Directory groups and accounts can be used.
If you install the program in a production environment, it is recommended to specify existing Active Directory security groups or groups you created before the installation, e.g., Recorder-admin and Recorder-writer.
For testing purposes or in case you do not have Active Directory, you may specify for:
- Admin AD Security group - Recording Service local admins' user account(s)
- Domain user
Format: Domain\UserName - Local group or user
Format: ComputerName\GroupName or ComputerName\UserName
To display the computer name, open the Command Prompt (Start > Run > cmd) and type hostname.
Note. You may create a local group, add domain users or groups to it, and specify this group to the Admin AD Security group field. - Recorder AD Security group - Everyone
In this case, access to the Recording Service website will be unrestricted.
Format depends on your Windows locale, for example, in English: Everyone
How to find out which Active Directory groups in different languages you are a member of:
- Open the Command Prompt (Start > Run > cmd)
- Use whoami /groups
This command will list distribution groups and nesting.
You can change AD Security Groups configuration after the Recording Server and Recorder installation. For more information, see the "How to Change AD Security Groups that Have Access to the Recording Service Resources" section.
9/22/2023 8:59:47 AM