Filter
Top Products
VA 7100/7400 Cluster Installation Guide
10/12/01 23
4 Create the Cluster Service Domain Account, Service
Group, OU Group Policy
Introduction
This procedure of this chapter should be performed by a Network Administrator, familiar with Windows 2000 Group
Policies and Security.
General Information
The cluster service on each cluster node will run under the security context of a domain user account. This account
must be created in the customer organizational unit (OU) and named OUName clusteradmin. In addition, a new user
group called OUName Cluster Group must be created in the customer OU (ensure that the Group Scope is set to
Global and the Group Type is set to Security). This user account must have the following local rights on each cluster
node:
• Act as part of the operating system
• Back up files and directories
• Increase quotas
• Increase scheduling priority
• Load and unload device drivers
• Lock pages in memory
• Log on as a service
• Restore files and directories
These local rights will be implemented via a Group Policy created later in this chapter.
NOTE Ensure that the customer OU already exists. It should have been created when the first server for
the customer site was provisioned. Do not manually create the OU.
The domain user account (OUName clusteradmin) to be created can also be used for the SQL server service and SQL
server agent service in the SQL server cluster environment (unless the Local System account is used instead). The
new user group (OUName Cluster Group) to be created is a global security group and will initially have only one
member, the domain user account OUName clusteradmin. The global security group, however, is a container designed
to hold additional cluster user accounts. If the customer installs additional clusters into their architecture, this group
will already have the appropriate user rights set by a Cluster GPO, and no additional security changes will be required.
This group (OUName Cluster Group) must also be made a member of the Service Accounts universal security group
located in the user container for the domain.
Preliminary Operations
Ensure that all requirements detailed in chapters 2 and 3 have been thoroughly reviewed and successfully completed
before proceeding to the Account/Group Creation Procedure.