Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. BlackBerry UEM Installation and Upgrade
  4. Preinstallation and preupgrade tasks
  5. Configure permissions for the service account

Configure permissions for the service account

A service account is a
Windows
 account that runs the services for
BlackBerry UEM
. The service account must be a member of the local Administrators group with default policy settings on the computer that you install
UEM
 on, and must have the Log on as a service permission. The
Windows
 service account must also have permission to access
Microsoft SQL Server
, unless you are using direct
SQL Server
 authentication. If you use
Microsoft SQL Server
 authentication to connect to the
UEM
 database, the
UEM
 services run under the Local System account.
You can also use a group Managed Service Account (gMSA) to install or upgrade
UEM
 and run the
UEM
 services. For more information about creating and configuring a gMSA, see Windows Server: Get started with Group Managed Service Accounts. The gMSA must have access to and be installed on the computer where you will install
UEM
, and it may need access rights for the
Microsoft SQL Server
 database.
  1. On the taskbar, click
    Start > Administrative Tools > Computer Management
    .
  2. In the left pane, expand
    Local Users and Groups
    .
  3. Navigate to the
    Groups
     folder.
  4. In the right pane, double-click
    Administrators
    .
  5. Click
    Add
    .
  6. In the
    Enter the object names to select
     field, type the name of the service account (for example, BESAdmin).
  7. Click
    OK
    .
  8. Click
    Apply
    .
  9. Click
    OK
    .
  10. On the taskbar, click
    Start > Administrative Tools > Local Security Policy
    .
  11. In the left pane, expand
    Local policies
    .
  12. Click
    User Rights Assignment
    .
  13. Configure
    Log on as a service
     permission for the service account.