|Account type||Account name||Placed in OU||Description|
|User||HGSAdmin||Red Card Admin||The account to manage HGS servers.|
|Security Group – Global||HGSAdmins||Groups||Members of this group are full admins of the Host Guardian (HGS) servers and services. Ensure HGSAdmin is a member of this group.|
|Security Group – Global||HGSViewAdmins||Groups||Members of this group can view all the configurations of Host Guardian (HGS) services, but do not have permission to change any configurations. HGSAdmin should be a member of this group.|
|Security Group – Domain Local||HGSgMSAUsers||Groups||Members of this group are HGS server cluster nodes which are part of the same HGS cluster, so they can use the same gMSA account to access the KPS service.|
|Organizational Unit||HGS Servers||Servers||This will contain all the HGS-related computer objects. Grant HGSAdmins full control of the OU and HGSViewAdmins read access to the OU.|
The HGS server computer object account must be a member of the HGSgMSAUsers group. The object name must match the HGS server name so that the HGS server can join the domain.
Ensure that HGSAdmins has full control of the object.
|Computer||HGSCluster||HGS Servers||HGS Cluster. Ensure that HGSAdmins has full control of the object.|
|Computer||HGSSvcs||HGS Servers||HGS VCO (both HGSCluster and HGSSvcs are pre-staged per this article: https://technet.microsoft.com/en-us/library/dn466519.aspx). Ensure that HGSAdmins has full control of the object.|
|msDS-GroupManagedServiceAccount||HGSgMSA||Service Accounts||HGS servers use this account to access the KPS service across HGS nodes. You can use the script below to create this account.|
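
One way to provision the HGSgMSA account from the table and confirm that only HGSgMSAUsers can retrieve its managed password. This is an added example, not the script from the original page; `$BaseDn` and `$DnsSuffix` are placeholders, and the OUs named in the table are assumed to sit directly under `$BaseDn`.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module
# and enough rights to create groups and service accounts.
Import-Module ActiveDirectory

$BaseDn    = 'DC=example,DC=test'          # placeholder domain DN
$DnsSuffix = 'example.test'                # placeholder DNS domain
$GroupsOu  = "OU=Groups,$BaseDn"           # assumed location of the "Groups" OU
$SvcOu     = "OU=Service Accounts,$BaseDn" # assumed location of "Service Accounts"

# A gMSA cannot be created without a KDS root key in the forest.
if (-not (Get-KdsRootKey)) {
    throw 'No KDS root key found; create one before provisioning the gMSA.'
}

# Domain-local group whose members (the HGS cluster nodes) may use the gMSA.
$group = Get-ADGroup -Filter "Name -eq 'HGSgMSAUsers'" -SearchBase $GroupsOu
if (-not $group) {
    $group = New-ADGroup -Name 'HGSgMSAUsers' -GroupScope DomainLocal `
        -GroupCategory Security -Path $GroupsOu -PassThru
}

# Create the gMSA and allow only HGSgMSAUsers to retrieve its managed password.
if (-not (Get-ADServiceAccount -Filter "Name -eq 'HGSgMSA'")) {
    New-ADServiceAccount -Name 'HGSgMSA' -DNSHostName "HGSgMSA.$DnsSuffix" `
        -Path $SvcOu -PrincipalsAllowedToRetrieveManagedPassword $group
}

# Check: the retrieval list must be exactly one entry, the HGSgMSAUsers group.
$gmsa = Get-ADServiceAccount -Identity 'HGSgMSA' `
    -Properties PrincipalsAllowedToRetrieveManagedPassword
$allowed = @($gmsa.PrincipalsAllowedToRetrieveManagedPassword)

if ($allowed.Count -eq 1 -and $allowed[0] -eq $group.DistinguishedName) {
    'HGSgMSA password retrieval is limited to HGSgMSAUsers.'
} else {
    Write-Warning "Unexpected retrieval principals on HGSgMSA: $($allowed -join '; ')"
}
```

The script is safe to re-run: existing objects are left alone and only the final check executes again, which makes it usable as a periodic audit of who can read the gMSA password.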