User Account and Password Management - Advanced

Table of Contents

Overview

User accounts and passwords can be modified for CommServe, MediaAgents, and agents. In most cases, user accounts and passwords are established during the install of the specific component. If necessary, it can be changed after the install from the CommCell Console. The following sections describe the user account information that can be modified.

CommCell

Changing the CommCell Administrator Password

You may need to update the administrator password when you have an aging policy for passwords, or when a new administrator decides to use the same account as the former administrator.

Use the following steps to change the password for the CommCell administrator:

  1. From the CommCell Browser, go to Security > CommCell Users.
  2. Right-click the administrator account and click Properties.

    The User Properties dialog box appears.

  3. Select the Change Password check box and do the following:
    • In the Password box, type the new user password.
    • In the Confirm Password box, re-enter the password.
  4. Click OK.

    The Enter Password dialog box appears.

  5. Enter the current administrator password.
  6. Click OK.

SQL Accounts Created during CommServe Installation

When you install the CommServe, the software creates specific SQL accounts to import Dynamic-Link Library (DLL) files to the CommServe database. This applies for any CLR DLL files in the SQL Server.

The software creates the following SQL accounts:

  • CVDBCLRLogin
  • CVDM2DBCLRLogin
  • CVDM2XMLMsgLogin
  • CVManagedLoggerLogin

As these accounts are used internally by the software, you cannot use them to log on to the CommCell. By default, these accounts have no password.

CommCell Network Password

The CommCell network password is an internal security measure used to ensure that communications occur only between CommCell computers. By default, the software assigns each computer in the CommCell a different password. You can, at any time, define a new CommCell network password for any computer in the CommCell. Although you do not need to know the existing password to define a new one, you do need to have administrative privileges.

Use the following steps to change the CommCell network password:

  1. From the CommCell Console toolbar, click Control Panel.
  2. Under the Configure section, click System.
  3. Click the Change Password tab.
  4. Click the Change Network Password check box and do the following:
    • In the Change password for computer box, select the name of the computer for which you want to change the network password.
    • Type the new network password in the Password box and re-enter it in the Confirm Password box.
  5. Click OK.

Changing the Network Password for One or More Clients from the Command Line

Follow the steps below to update the network password:

  1. On the CommServe computer, change to the software installation base directory for the instance to test:

    cd software_installation_path/Base

  2. Run the ChangeNetworkPwd command:

    ChangeNetworkPwd [-listAllWeak | -updateAllWeak | clientName] -vm instance_name

    where:

    • listAllWeak is the option to list all the clients that need a stronger password.
    • updateAllWeak is the option to update all the clients in the CommServe instance that need a stronger password.
    • clientName is the name of one client on which the password will be updated.
    • vm is the name of the instance where the CommServe software is running. If not specified, Instance001 is used.

    For example, this command will update the password for client1:

    ChangeNetworkPwd client1 -vm instance002

  3. The password is updated for the client.
  4. To verify the operation, change to the software_installation_path\Log Files folder and review the ChangeNetworkPwd.log file.

MediaAgent

Media Password

The Media Password is used to prevent unauthorized access of data from media when using the Media Explorer (DR Tool) to restore data. The password is stored as an encrypted string on the On Media Label (OML) of the tape and in the SQL database.

One media password is allowed per media. If you change the media password, it will be effective for the next media. However, if you want to access the existing media, you will need to use the old media password.

Note: If you want to provide more security by not allowing anyone else to read and decipher data on the media, enable Data Encryption and Hardware Encryption.

Use the following steps to change the media password:

  1. From the CommCell Console toolbar, click Control Panel.
  2. Under the Configure section, click System.

    The System dialog box is displayed.

  3. Click the Change Password tab.
  4. Click the Change Media Password check box and specify the following:
    • Type the new media password in the Enter New Media Password box and re-enter it in the Confirm New Media Password box.
    • Type the old media password in the Enter Old Media Password box.

      Note: If this is the first time you are setting the media password, leave the Enter Old Media Password box blank.

  5. Click OK.

Mount Path Passwords for Shared Disk Libraries

When shared disk libraries are configured over the network, user accounts are required to access the mount paths. These accounts are defined in the device properties of the shared disk. You must associate the user accounts with the mount paths.

  1. On the ribbon in the CommCell Console, click the Storage tab, and then click Library and Drive.

  2. Under Available MediaAgents, select the MediaAgents that are attached to the library and then click Add.

    Click OK.

  3. Click the Shared Disk Device tab.
  4. Locate the device, expand it, and then right-click the mount path.

    The associated account should be defined under Network Path in the Sharing Folder Properties dialog box.

You can change the passwords of the account that are used to access the mount paths.

  1. On the ribbon in the CommCell Console, click the Home tab, and then click Control Panel.
  2. Under the Configure section, click User Account Management.
  3. Enter the Current Credentials of the user account associated to the mount path in the User name and Password boxes.
  4. Perform the following:
    1. In the Password box, enter the new password for the user account.
    2. In the Confirm Password box, reenter the password.
    3. In the Notes box, specify the reason for the user account change.
    4. Click Preview to see all the mount paths associated with the account that will be updated.
    5. Click OK.
  5. Click OK.

Agents

The user account information for each Agent is used to back up and restore data from the client in which the Agent is installed.

Active Directory iDataAgent

By default, the user credentials provided during the Agent installation are used to back up the Active Directory Server.

User Privileges

The following table describes the user privileges required by the Active Directory iDataAgent.

Operating System Domain Controller Non-Domain Controller Domain Controller & ADAM/LDS Non-Domain Controller & ADAM/LDS Notes
Windows XP  N/A N/A N/A ADAM Admin  
Windows 2003 Domain Admin N/A Domain Admin and ADAM Admin ADAM Admin  
Windows 2008 Domain Admin Local Admin Domain Admin and LDS Admin LDS Admin and Local Admin Supports Offline DB mounting
Windows 2008 R2 Domain Admin Local Admin Domain Admin and LDS Admin LDS Admin and Local Admin Supports Offline DB mounting
Windows 2012 Domain Admin Local Admin Domain Admin and LDS Admin LDS Admin and Local Admin  
Windows 2012 R2 Domain Admin Local Admin Domain Admin and LDS Admin LDS Admin and Local Admin  

Domain Admin – A user that belongs to Domain Administrator group for that domain

ADAM (Active Directory Application Mode) Admin – A user that belongs to Roles\Administrator group (container) of configuration partition for that ADAM instance.

LDS (Lightweight Directory Services) Admin – A user that belongs to Roles\Administrator group (container) of configuration partition for that LDS instance.

Local Admin – A user that belongs to Local Administrators group.

  • If a user with the required privileges does not exist, create one and assign the necessary rights. Use this user during installation of the Active Directory iDataAgent.
  • For more information on ADAM users and groups, see "Understanding ADAM users and groups" on the Microsoft website (http://technet.microsoft.com/en-us/library/cc781482(v=ws.10).aspx).

At the Agent Level

Use the following steps to change the user credentials at the Agent level:

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click Active Directory and click Properties.
  3. Click Change Account.
  4. Type the username and password for the user account which has rights to back up and restore data from the Active Directory Server.

    The correct format for specifying a user is Domain\User.

  5. Click OK.

At the Client Computer Group Level

This user account will be used for all computers within a Client Computer Group. Configure the user account at this level if different users will be conducting backup and restore operations for each Client Computer Group in your organization. This user account will override the user account configured at the CommCell level.

  1. From the CommCell Browser, navigate to the Client Computer Groups node.
  2. Verify that all the Agent clients for which you wish to configure the user account are included in the Client Computer Groups.
  3. Right-click the <Client Group> and click Properties.
  4. Click the Advanced Settings tab.
  5. Click the Override higher levels settings check box.
  6. Select one of the following:
    • Use Local System Account, if the computer's Administrator account contains the required privileges.
    • Impersonate User, if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.
  7. Click OK.

The user credentials provided at the client computer group level are ignored if the client belongs to more than one group. In this case, provide the user credentials at the instance level.

ContinuousDataReplicator

The ContinuousDataReplicator requires a Windows user account that has sufficient privileges for the software to:

  • Perform backups and restores
  • Access the Windows registry

By default, the local system administrator account is used.

Initially, the user account credentials is provided during the replication set configuration after the installation of the Agent. You can change the user account at the Client Computer Group, Agent, and Replication Set levels. Accounts configured at each level will be used for all entities within that level as described in the following sections.

At the Client Computer Group Level

This user account will be used for all computers within a Client Computer Group. Configure the user account at this level if different users will be conducting backup and restore operations for each Client Computer Group in your organization. This user account will override the user account configured at the CommCell level.

  1. From the CommCell Browser, navigate to the Client Computer Groups node.
  2. Verify that all the Agent clients for which you wish to configure the user account are included in the Client Computer Groups.
  3. Right-click the <Client Group> and click Properties.
  4. Click the Advanced Settings tab.
  5. Click the Override higher levels settings check box.
  6. Select one of the following:
    • Use Local System Account, if the computer's Administrator account contains the required privileges.
    • Impersonate User, if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.
  7. Click OK.

The user credentials provided at the client computer group level are ignored if the client belongs to more than one group. In this case, provide the user credentials at the instance level.

At the Agent Level

On a Windows client computer, use the following steps to change the user account for accessing the ContinuousDataReplicator application server:

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click Continuous Data Replicator and click Properties.
  3. Click Edit.
  4. Enable the Use Username and Password check box.
  5. Type the new user name in the User Name box.
  6. Type the new password in the Password box and re-type it in the Confirm Password box.
  7. Click OK.

At the Replication Set Level

On a Windows client computer, use the following steps to change the user account for a Replication Set:

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click Replication Set and click Properties.
  3. Click Edit.
  4. Enable the Use Username and Password check box.
  5. Type the new user name in the User Name box.
  6. Type the new password in the Password box and re-type it in the Confirm Password box.
  7. Click OK.

DB2 and DB2 MultiNode iDataAgents

The DB2 iDataAgent requires a user account that has sufficient privileges to perform the following:

  • Perform backup and restore operations
  • Access Windows/Unix registry keys
  • Stop or Start DB2 services on Windows/Unix clients

By default, the DB2 user with administrator privileges is used for performing backups and restores. However, if you want to use a non-DB2 admin user, make sure that the user has the following privileges:

Operating System The User Account Should Be
Windows Local Administrator of the computer on which the DB2 database resides.
UNIX Member of the user group assigned during the iDataAgent install.
All
  • The user should be part of the SYSMAINT_GROUP and SYSCTRL_GROUP authorities.

    db2 update dbm cfg using SYSMAINT_GROUP <user_name or user_group>

    db2 update dbm cfg using SYSCTRL_GROUP <user_name or user_group>

  • The user should have DBADM privileges on the database.

    db2 grant dbadm on database to <new_user>

Initially, the user account credentials is provided during the instance configuration after the installation of the Agent. You can change the user account at the Client Computer Group, Instance and Backup Set levels. Accounts configured at each level will be used for all entities within that level.

At the Client Computer Group Level

This user account will be used for all computers within a Client Computer Group. Configure the user account at this level if different users will be conducting backup and restore operations for each Client Computer Group in your organization. This user account will override the user account configured at the CommCell level.

  1. From the CommCell Browser, navigate to the Client Computer Groups node.
  2. Verify that all the Agent clients for which you wish to configure the user account are included in the Client Computer Groups.
  3. Right-click the <Client Group> and click Properties.
  4. Click the Advanced Settings tab.
  5. Click the Override higher levels settings check box.
  6. Select one of the following:
    • Use Local System Account, if the computer's Administrator account contains the required privileges.
    • Impersonate User, if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.
  7. Click OK.

The user credentials provided at the client computer group level are ignored if the client belongs to more than one group. In this case, provide the user credentials at the instance level.

At the Instance Level

This user account will be used for subsequent new backup sets created within the instance. Configure the user account at this level if backup and restore operations will be conducted by a different user for each instance.

  1. Navigate to Client Computers | <Client> | DB2.
  2. Right-click the <Instance> and then click Properties.
  3. Click Change.
  4. In the DB2 User Account box, type the name of the user account to be used for accessing the DB2 application.
  5. In the Password box, type the password for the user account.
  6. In the Confirm Password box, retype the password, and then click OK.
  7. Click OK.

At the Backup Set Level

This user account will be used for a specific backup set. When you modify the user account for an instance, new backup sets created within the instance use the new account. However, existing backup sets continue to use the earlier user account unless modified manually.

Use the following steps to change the user account for a specific backup set:

  1. Navigate to Client Computers | <Client> | DB2 | <Instance>.
  2. Right-click the <backup set>, and click Properties.
  3. Select the Connect as a Different user check box.
  4. Click Change.
  5. In the DB2 User Account box, type the user account to be used for accessing the DB2 application.
  6. In the Password box, type the password for the user account.
  7. In the Confirm Password box, retype the password, and then click OK.
  8. Click OK.

Documentum iDataAgent

The Documentum iDataAgent requires the following application accounts to perform backup and restore operations:
  • A Docbase account to access the Documentum Docbase (or Repository).
  • A database account to access either Oracle or DB2 or SQL database.

The credentials for the Docbase and database accounts are provided during the instance configuration after the installation of the Agent. You can change the user accounts at the instance level for both application accounts.

The following table illustrates the required privileges for these accounts:

Docbase Account Database Account
Documentum Oracle DB2 SQL
The Documentum iDataAgent requires a user account to log on to the related Documentum docbase to access the data. The user account is the Documentum Install owner account that was used to install the Documentum software.

The account is already set up on the client after the Documentum software installation.

 
The Documentum iDataAgent requires an Oracle user account to access the Oracle application and database. You may have separate user accounts to access these components.

Refer to the Oracle iDataAgent section to review the required privileges the database account should have.

The Documentum iDataAgent requires a DB2 account to access the database.

Refer to the DB2 iDataAgent section to review the required privileges the database account should have.

The Documentum iDataAgent requires an SQL account to access the database.

Refer to the Microsoft SQL Server iDataAgent section to review the required privileges the database account should have.

Change the Docbase Account

Use the following steps to change the Docbase (or Documentum Repository) user account details from the instance level:

  1. Navigate to Client Computers | <Client> | Documentum.
  2. Right-click the <Instance> and then click Properties.
  3. Click Change.
  4. In the User Name box, type the name of the user account.
  5. In the Enter Password box, type the password for the user account.
  6. In the Confirm Password box, retype the password, and then click OK.
  7. Click Discover to validate the Docbase account you provided and to update the Storage Area and Full-text Indexes.

    If the validation is successful, the Docbase Version and Docbase ID of the instance are updated based on the new user account.

  8. Click OK.

Change the Database Account for Oracle

Use the following steps to change the Oracle database/application account credentials from the instance level:

  1. Navigate to Client Computers | <Client> | Documentum.
  2. Right-click the <Instance> and then click Properties.
  3. Click the Database tab.
  4. Click Change.
  5. In the User Name box, type the name of the user account to access the Oracle application, and then click OK.
  6. To change the database access credentials, type the following in the Connect String box to connect to the Oracle database:
    • Type the Database user ID.
    • Click the password box and type the password for the user ID in the Enter Password box.
    • In the Confirm Password box, retype the password, and then click OK.
    • Type the Oracle service name.
  7. Click OK.

Change the Database Account for DB2

Use the following steps to change the DB2 database account credentials from the instance level:

  1. Navigate to Client Computers | <Client> | Documentum.
  2. Right-click the <Instance> and then click Properties.
  3. Click the Database tab.
  4. Click Change.
  5. In the User Account box, type the name of the user account to access the DB2 database.
  6. In the Password box, type the password for the user account.
  7. In the Confirm Password box, retype the password, and then click OK.
  8. Click OK.

Change the Database Account for SQL

Use the following steps to change the SQL database account credentials from the instance level:

  1. Navigate to Client Computers | <Client> | Documentum.
  2. Right-click the <Instance> and then click Properties.
  3. Click the Database tab.
  4. Click Change.
  5. In the User Account box, type the name of the user account to access the SQL database.
  6. In the Password box, type the password for the user account.
  7. In the Confirm Password box, retype the password, and then click OK.
  8. Click OK.

Exchange Server Agents

The Exchange Agents require a user account that has Exchange administrator privileges to:

  • Perform backups and restores
  • Log on to the related server to access the data

Additional accounts should be established by the Exchange database administrator.

By default, a user account with Exchange Administrator privileges is provided during the Agent installation. You can change the user account at the Agent level.

The affected Exchange agents include:

  • Exchange Database
  • Exchange Mailbox
  • Exchange Public Folder
  • Exchange Compliance Archiver
  • Exchange Mailbox Archiver
  • Exchange Public Folder Archiver

Change User Account for the Exchange Agents

  1. From the CommCell Browser, expand Client Computers > client.
  2. Right-click Exchange, and then click Properties.

    The Properties dialog box appears.

  3. Click Change Account.
  4. Type the user name in the Exchange Administrator Account box.
  5. Type the password in the Password box and reenter it in the Confirm Password box.
  6. Click OK.

Change User Account for the Exchange 2010 DAG Agents

In DAG configurations, you need to run a q-script to update the user account using the following command:

qoperation execscript -sn updateDAGADCredential -si 'clientName' -si 'userName' -p2 'password'

Adding Active Directory User Groups for Exchange Mailbox Agents

To configure the mailboxes of the Active Directory user groups for Auto-Discovery operations, you need to specify a user account that can authenticate against the Active Directory domain. Refer to the following procedures for more information:

Message Recovery Operations for the Outlook Add-IN

CommCell authentication is required for end-users to perform advanced message recovery operations such as find recoveries and browse recoveries from Outlook using the DataArchiver Outlook Add-In. The Single Sign On (SSO) feature allows Exchange administrators to establish a CommCell User Group for Outlook Add-In end-users to perform these functions using their existing Windows user accounts and passwords residing in the Active Directory domain. Refer to Getting Started - Outlook Add-In - Administrator for more information.

Simpana OnePass Agent for BlueArc

The credentials for the user account are provided during the subclient configuration after the installation of the Agent.

Use the following steps to change the user account to access data residing on the File Server:

  1. Navigate to Client Computers | <Client> | File System  | <Backupset>.
  2. Right-click the <Subclient> and then click Properties.
  3. Click Content tab.
  4. In the Impersonate NT User dialog box, type the user name in the User Account box.
  5. Type the new Password in the Enter Password box and retype it in the Confirm Password box.
  6. Click OK.

Simpana OnePass Agent for Netapp (FPolicy)

The credentials for the user account are provided during the subclient configuration after the installation of the Agent.

Use the following steps to change the user account to access data residing on the File Server:

  1. Navigate to Client Computers | <Client> | File System  | <Backupset>.
  2. Right-click the <Subclient> and then click Properties.
  3. Click Content tab.
  4. In the Impersonate NT User dialog box, type the user name in the User Account box.
  5. Type the new Password in the Enter Password box and retype it in the Confirm Password box.
  6. Click OK.

Simpana OnePass Agent for Celerra

The credentials for the user account are provided during the subclient configuration after the installation of the Agent.

Use the following steps to change the user account to access data residing on the File Server:

  1. Navigate to Client Computers | <Client> | File System  | <Backupset>.
  2. Right-click the <Subclient> and then click Properties.
  3. Click Content tab.
  4. In the Impersonate NT User dialog box, type the user name in the User Account box.
  5. Type the new Password in the Enter Password box and retype it in the Confirm Password box.
  6. Click OK.

Informix iDataAgent

The Informix iDataAgent requires a user account to access the Informix application and database to perform backup and restore operations.

By default, the following are used:

  • For Windows, the local system administrator.
  • For UNIX and LINUX, it is the Informix database owner.

Initially, the user credentials is provided during the Agent installation. You can subsequently change the user account at the Instance level.

Use the following steps to change the Informix user name:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Informix.
  2. Right-click the <Instance> and click Properties.
  3. On Windows clients:
    • Click Change.
    • In the User Name box, type the user account name.
    • In the Password box, type the password for the user account.
    • In the Confirm Password box, retype the password, and then click OK.

  4. On Unix clients, in the Informix USER box, type the user account to access the Informix application.

  5. Click OK.

Microsoft SQL Server iDataAgent

The SQL Server iDataAgent requires a Windows user account that has sufficient privileges for the software to:

  • Perform backups and restores
  • Access the Windows registry
  • Stop or start the SQL Server services.

By default, the local system account is used. The following table illustrates the requirements for a user-defined account:

If the SQL Server Is The User Account Should Be:
Member of a WorkGroup
  • Local Administrator of the computer on which the SQL Server resides, like computer_name\user1.
  • Member of the SQL sysadmin fixed server role.
Member of a Domain An account other than the Domain Administrator account that has Administrator and SQL sa privileges. The account should have interactive logon rights on the computer where the SQL Server resides.

Initially, the user credentials are not provided during the agent installation and by default, the local system account is used. You can change the user account at the CommCell, client computer group, agent, and instance levels. Accounts configured at each level will be used for all entities within that level as described in the following sections.

You can use any SQL account that satisfies the account requirement or use a user account from which SQL Server services are running by providing their respective login credentials.

In order to access the SQL Server databases to perform data protection and recovery operations, the SQL sysadmin rights are required.

For more information about the SQL sysadmin privileges, go to the Microsoft Support website and search for Microsoft KB article 2926557, SQL Server VDI backup and restore operations require Sysadmin privileges.

At the CommCell Level

This user account will be used for all SQL Server iDataAgents in your CommCell. Configure the user account at this level if one person will be conducting all backup and restore operations in your organization.

  1. From the CommCell Console ribbon, click the Home tab, and then click Control Panel.
  2. Under the Configure section, click SQL iDataAgent Configuration.
  3. In the SQL iDataAgent Configuration dialog box, select one of the following:
    • Use Local System Account if the Administrator account for the computer contains the required privileges.
    • Impersonate User if a different account contains the required privileges. Type the User Name and Password for this account in the space provided.
  4. Click OK.

At the Client Computer Group Level

This user account will be used for all computers within a Client Computer Group. Configure the user account at this level if different users will be conducting backup and restore operations for each Client Computer Group in your organization. This user account will override the user account configured at the CommCell level.

  1. From the CommCell Browser, navigate to the Client Computer Groups node.
  2. Verify that all the Agent clients for which you wish to configure the user account are included in the Client Computer Groups.
  3. Right-click the <Client Group> and click Properties.
  4. Click the Advanced Settings tab.
  5. Click the Override higher levels settings check box.
  6. Select one of the following:
    • Use Local System Account, if the computer's Administrator account contains the required privileges.
    • Impersonate User, if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.
  7. Click OK.

We recommend that you associate a SQL client to only one client group that has a user account configured at the client computer group level. Else, you can also set the user account at the client level or the instance level.

At the Agent Level

This user account will be used for all instances and associated subclients. Configure the user account at this level if one person will be conducting all backup and restore operations on the client on which the SQL Server iDataAgent is installed. This user account will override the user account configured at the CommCell and Client Computer Group levels.

  1. Navigate to Client Computers | <Client>.
  2. Right-click SQL Server and click Properties.
  3. Click the Authentication tab.
  4. Enable the Override higher levels settings check box.
  5. Select the following:

    Use Local System Account if the computer's Administrator account contains the required privileges.

    Impersonate User if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.

  6. Click OK.

At the Instance Level

This user account will be used for all subclients within the instance. Configure the user account at this level if backup and restore operations will be conducted by a different person for each instance. This user account will override the user account configured at the CommCell, Client Computer Group, and Agent levels.

  1. Navigate to Client Computers | <Client> | SQL Server .
  2. Right-click the <Instance> and click Properties.
  3. Click the Accounts tab.
  4. Enable the Override higher levels settings check box.
  5. Select the following:

    Use Local System Account if the computer's Administrator account contains the required privileges.

    Impersonate User if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.

  6. Click OK.

Microsoft Windows File System iDataAgent

Users performing backups must be either an administrator or a backup operator. The LocalSystem Account is the default account used to backup all files. Make sure that the LocalSystem Account must have read or write access to the files being backed up, or have backup or restore privileges set on the computer where the files reside.

Backup operators (or Service Users) are designed to have full control to the registry and the installation folder.

Role Privileges
An administrator or a backup operator in a local group Able to back up any file and folder on the local computer to which the local group applies.
An administrator or backup operator on a domain controller Able to back up any file and folder on:
  • a computer in the domain
  • a computer in a domain where a two-way trust relationship exists

If you are not an administrator or backup operator, you must be the owner of the files and folders you want to back up or have one or more of the following permissions.

  • Read
  • Read and execute
  • Modify
  • Full Control

The following sections describe the procedures for modifying user permissions and rights.

Configuring Windows Users on an Individual Server

To add a user to the Backup Operators Group, perform the following steps on an individual server:

  1. Navigate to Start | Settings | Control Panel | Administrative Tools.
  2. Double-click Computer Management.
  3. Navigate to Local User and Groups | Users.
  4. Right-click the user who will be performing backups and click Member of.
  5. Add the Backup Operators group to the User.
  6. Click OK.
  7. Log off and log in as the domain controller Administrator for the policies to take effect.

Configuring Windows Users on a Domain Controller

To add a user to the Backup Operators Group, perform the following steps on the domain controller:

  1. Create or prepare to manage a Windows user who will run the services.
  2. Navigate to Active Directory Users | Computers | Users.
  3. Right-click the user who will be performing backups and click Member of.
  4. Add the Backup Operators group to the User.
  5. Click OK.
  6. Log off and log in as the domain controller Administrator for the policies to take effect.

Configuring Windows Users for Specific Folders

  1. Right-click the folder to be backed up and select Properties.
  2. Select the Security tab
  3. Enable Add Backup Operators with full control rights.
  4. Click OK.

Configuring Credentials for UNC Path Content

The user must have privileges to:

  • Access the share to which the UNC Path is pointing.
  • Log on to the client machine that is running the backup.
  • The logs on the client machine.

To perform backup or restore operations using a UNC Path as either the content of the subclient or the destination for a restore, the user account should have Administrative privileges.

Use the following steps to change the User Account for the UNC Path content:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Agent.
  2. Right-click the <Subclient> and click Properties.
  3. Click Content tab.
  4. Click Add Paths and type in the UNC path of the share that you want to add.

    Repeat this step if you want to add more files and/or folders to the content.

  5. Click As User.
  6. Type the new user name in the User Name box.
  7. Type the new password in the Password box and retype it in the Confirm Password box.
  8. Click OK.

Configuring Credentials for Restricted Drives or Directories

You can define a user with permissions to restore data to either mapped/shared network drives or directories to which you have no write privileges.

  1. From the CommCell Browser, navigate to Client Computers | <Client> | File System.
  2. Right-click the <BackupSet> and click All Tasks and then click Browse and Restore.
  3. Click View Content.
  4. Select the data that you want to restore and then click Recover All Selected.
  5. From the Restore Options for All Selected Items dialog box, enable the Impersonate User check box.
  6. Type the new user name in the User Name box.
  7. Type the new password in the Password box and retype it in the Confirm Password box.
  8. Click OK.

View or Modify User Rights Assignments on a Workgroup or Member Server

Follow the steps to view or modify user rights assignments on a Workgroup or Member Server:

  1. Click Start > Settings > Control Panel > Administrative Tools.

  2. From Administrative Tools, select the local security policy and add the Service user to all the required rights (logon as service, backup, restore).

View or Modify User Rights Assignments on a Domain Controller

Follow the steps below to view or modify user rights assignments on a domain controller:

  1. Click Start > Settings > Control Panel > Administrative Tools.

  2. From Administrative Tools\Domain Controller Security Policy, expand the tree to Security Settings, Local Policies, and User Rights Assignment. Add the user to all the required rights (logon as service, backup, restore).

MySQL iDataAgent

The MySQL iDataAgent requires a MySQL Server user account that has sufficient privileges for the software to:

  • Perform backups and restores
  • Access the MySQL Server application
  • Stop or start the MySQL Server services

The following table illustrates the necessary privileges the user account should have to perform backup and restore operations:

Operations Privileges MySQL User Should Have Example Query to Grant the Permission
Backup
  • SHOW DATABASES
  • SUPER
  • RELOAD
  • SELECT
  • LOCK TABLES
  1. mysql> GRANT SHOW DATABASES, SELECT, LOCK TABLES, RELOAD, SUPER ON *.* to '<backup_agent_user>'@'localhost' IDENTIFIED BY '<backup_agent_password>';
    mysql> GRANT SHOW DATABASES, SELECT, LOCK TABLES, RELOAD, SUPER ON *.* to '<backup_agent_user>'@'127.0.0.1' IDENTIFIED BY '<backup_agent_password>';
    mysql> FLUSH PRIVILEGES;
  2. It is recommended to grant all Database Administrator privileges to perform backup operations for some versions.

    Example: For MySQL 5.7 and later, you should grant all Database Administrator privileges to perform backup operations.

    mysql> GRANT ALL PRIVILEGES ON *.* TO '<backup_agent_user>'@'localhost' IDENTIFIED BY '<backup_agent_password>';
    mysql> GRANT ALL PRIVILEGES ON *.* TO '<backup_agent_user>'@'127.0.0.1' IDENTIFIED BY '<backup_agent_password>';
    mysql> FLUSH PRIVILEGES;

Restore Full Database Administrator privileges mysql> GRANT ALL PRIVILEGES ON *.* TO '<restore_agent_user>'@'localhost' IDENTIFIED BY '<restore_agent_password>';
mysql> GRANT ALL PRIVILEGES ON *.* TO <restore_agent_user>'@'127.0.0.1' IDENTIFIED BY '<restore_agent_password>';
mysql> FLUSH PRIVILEGES;

Initially, the user account credentials is provided during the instance configuration after the installation of the Agent. You can change the user account at the Instance level.

At the Instance Level

Use the following steps to change the user account for an Instance.

  1. From the CommCell Browser, navigate to Client Computers | <Client> | MySQL.
  2. Right-click the <Instance> and click Properties.
  3. Click the Accounts tab.
  4. Type the user name in the User Name box.
  5. Type the SA user name in the SA User Name box.
  6. Type the password in the SA Account Password box and retype it in the SA Confirm Password box.
  7. Click OK.

NAS Agents

The NAS iDataAgent requires a user account to access the file server to perform backup and restore operations. If the file server access information has been modified, follow the steps given below to change the user account settings.

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click NAS and click Properties.
  3. Click NDMP Properties.

    The NDMP Server Properties dialog box appears.

  4. Select the Change Password check box.
  5. Type the user name in the NDMP Login box.
    • For NetApp, type root.
    • For EMC Celerra, type ndmp.
    • For all other file servers, use any value.
  6. Type the password in the NDMP Password box.
  7. Click OK.
  8. Click OK to close the NAS Properties dialog box.

NetWare Server iDataAgents

To perform data protection and recovery operations, the NetWare Server agents require a user account to log on to the related server to access the data. This account information is input during the NetWare Server iDataAgent install.

  • For the File System iDataAgent and GroupWise iDataAgent, the named user account should have supervisor privileges for the NetWare server.
  • For the Novell Directory Service (NDS) iDataAgent, the named user account should have supervisor privileges for the root of the NDS tree on the NetWare server.

This account must already be set up on the client. Additional accounts should be established by the NetWare Server administrator. To establish additional accounts on your own, use the appropriate NetWare administration tool or consult the appropriate NetWare Server application documentation.

The user account can be added or modified from the CommCell Console at the agent level. See Change Account for Accessing Application Servers or Filers for step-by-step instructions.

Other User Accounts

Oracle iDataAgents

The Oracle iDataAgent require the following two user accounts in order to perform backup and restore operations:

  1. An operating system account with administrator privileges to access the Oracle application.

    The following table illustrates the user account requirements for each operating system:

    Operating System The User Account Should Be
    Windows
    • Local Administrator of the computer on which the Oracle database resides.
    • User should be part of the ora_dba group with read/write permissions on the SnapProtect folder.
    UNIX Member of the user group assigned during the iDataAgent installation. The operating system user account can also be used.
  2. An oracle user  account with sysdba privilege to access the Oracle database (Standard and Recovery Catalog databases). The account information is provided as a connect string with the following information:
    • Database User ID
    • Password for User ID
    • Oracle Service Name (As defined in tnsnames.ora file)

    You can use separate accounts to access the target database and the Recovery Catalog database. The Recovery Catalog database user account must have RECOVERY_CATALOG_OWNER privileges.

    By default, the user account for the target database has administration privileges.

    Additional accounts (except Impersonate User) should be established by the Oracle database administrator.

    Initially, the user account credentials are provided during the instance configuration after the installation of the Agent. You can subsequently change the user account information to access the Oracle database and application at the Instance level whenever the credentials are updated.

Configuring User Account to Access the Oracle Application

Use the following steps to configure the user account to access the Oracle application:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Oracle.
  2. Right-click the <Instance>, and then click Properties.
    • On the Properties dialog, navigate to the General tab.
    • For Windows clients:
      • Click Change, which displays the Impersonate NT User dialog.
      • In the User Account box, enter the user account name.
      • In the Enter Password box, enter the password for the user account.
      • In the Confirm Password box, re-enter the password, and then click OK.
      For Unix clients:
      In the User Account box, enter the user account to access the Oracle application.
    • Click OK.

Configuring User Account to Access the Oracle Database

Use the following steps to configure the user account privileges to access the Oracle database:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Oracle.
  2. Right-click the <Instance>, and then click Properties.
  3. Navigate to the Details tab on the Properties dialog
  4. Enter the Connect String to connect to the Oracle database as follows:
    • Enter the Database user ID in the first box.
    • Enter the Password in the second box.
    • In the Confirm Password dialog, re-enter the password, and click OK.
    • Enter the Oracle Service name in the third box.
    For example, in the following:
    sysdba/<password>@orcl
    sysdba is the Database User ID, <password> is the Database User ID password, and orcl is the Oracle service name.
  5. Click OK.

Oracle RAC iDataAgents

The Oracle RAC iDataAgent requires the following two user accounts in order to perform backup and restore operations:

  1. An operating system account with administrator privileges to access the Oracle application.

    The following table illustrates the user account requirements for each operating system:

    Operating System The User Account Should Be
    Windows
    • Local Administrator of the computer on which the Oracle database resides.
    • User should be part of the ora_dba group with read/write permissions on the SnapProtect folder.
    UNIX Member of the user group assigned during the iDataAgent installation. The operating system user account can also be used.
  2. An oracle user  account with sysdba privilege to access the Oracle database (Standard and Recovery Catalog databases). The account information is provided as a connect string with the following information:
    • Database User ID
    • Password for User ID
    • Oracle Service Name (As defined in tnsnames.ora file)

    You can use separate accounts to access the target database and the Recovery Catalog database. The Recovery Catalog database user account must have RECOVERY_CATALOG_OWNER privileges.

    By default, the user account for the target database has administration privileges.

    Additional accounts (except Impersonate User) should be established by the Oracle database administrator.

    Initially, the user account credentials are provided during the instance configuration after the installation of the Agent. You can subsequently change the user account information to access the Oracle database and application at the Instance level whenever the credentials are updated.

Configuring User Account to Access the Oracle Application

Use the following steps to configure the user account to access the Oracle application:

  1. From the CommCell Browser, navigate to Client Computers | <RAC Client>.
  2. Right-click the <Instance>, and then click Properties.
  3. Click the Details tab.
  4. Select the desired instance, and then click Modify.

    On Windows clients:

    • Click Change User Account.
    • In the User Account box, type the user account name.
    • In the Enter Password box, type the password for the user account.
    • In the Confirm Password box, retype the password, and then click OK.

     

    On Unix Clients:

    • Click Change User Account.
    • In the User Name box, type the user name, and then click OK.
  5. Click OK.

Configuring User Account to Access the Oracle Database

Use the following steps to configure the user account privileges to access the Oracle database:

  1. From the CommCell Browser, navigate to Client Computers | <RAC Client>.
  2. Right-click the <Instance>, and then click Properties.
  3. Click the Details tab.
  4. Select the desired instance, and then click Modify.
  5. In the Connect String box, type the connect string to connect to the Oracle database as follows:
    • Type the Database user ID.
    • Click the password box and type the password for the user ID in the Enter Password box.
    • In the Confirm Password box, retype the password, and then click OK.
    • Type the Oracle service name.

    For example:

    sys/<password>@winrac1

    where, sys is the Database User ID, <password> is the password of the Database User ID, and winrac1 is the Oracle service name.

  6. Click OK.

OSSV Plug-In Agent

If the file server access information has been modified, follow the steps given below to change the user account settings.

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click the OSSV Plug-In and click Properties.
  3. Click NDMP Properties.
  4. Select the Change Password check box.
  5. Enter the user name in the NDMP Login box.
  6. Enter the password in the NDMP Password box.
  7. Click OK.

PostgreSQL iDataAgent

The PostgreSQL iDataAgent requires a user account that has sufficient privileges to perform the following:

• Perform backup and restore operations

• Access the PostgreSQL Server application

• Stop or Start PostgreSQL services

The following table illustrates the necessary privileges the user account should have to perform backup and restore operations:

Operations Privileges PostgreSQL User Should Have:
Backup Full Database Administrator privileges.
Restore Full Database Administrator privileges.

Initially, the user account credentials is provided during the instance configuration after the installation of the Agent. You can change the user account at the Instance level.

At the Instance Level

This user account will be used for all instances and associated subclients. Use the following steps to change the user account for an Instance:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | PostGreSQL.
  2. Right-click the <Instance> and click Properties.
  3. Click the Accounts tab.
  4. Type the user name in the PostGres User Name box.
  5. Type the password in the PostGres Account Password box.
  6. Retype the password in the PostGres Confirm Password box.
  7. Click OK.

SAP for Oracle iDataAgents

The SAP for Oracle iDataAgent requires the following two user accounts in order to perform backup and restore operations:

  1. An operating system account with administrator privileges to access the Oracle application.

    The following table illustrates the user account requirements for each operating system:

    Operating System The User Account Should Be
    Windows
    • Local Administrator of the computer on which the Oracle database resides.
    • User should be part of the ora_dba group with read/write permissions on the SnapProtect folder.
    UNIX Member of the user group assigned during the iDataAgent installation. The operating system user account can also be used.
  2. An oracle user  account with sysdba privilege to access the Oracle database (Standard and Recovery Catalog databases). The account information is provided as a connect string with the following information:
    • Database User ID
    • Password for User ID
    • Oracle Service Name (As defined in tnsnames.ora file)

    You can use separate accounts to access the target database and the Recovery Catalog database. The Recovery Catalog database user account must have RECOVERY_CATALOG_OWNER privileges.

    By default, the user account for the target database has administration privileges.

    Additional accounts (except Impersonate User) should be established by the Oracle database administrator.

    Initially, the user account credentials are provided during the instance configuration after the installation of the Agent. You can subsequently change the user account information to access the Oracle database and application at the Instance level whenever the credentials are updated.

Configuring the User Account to Access the Oracle Application

Use the following steps to configure the user account to access the Oracle application:

  1. From the CommCell Browser, go to Client Computers > client > SAP for ORACLE.
  2. Right-click the instance and click Properties.

    The instance Properties dialog box appears.

  3. Update the user account information on the client:
    • For Windows clients do the following:
      1. On the General tab, click Change.

        The Impersonate User dialog box appears.

      2. In the User Account box, type the user account name using the following format: <client_name>/<SID_name>adm.
      3. In the Enter Password box, type the password for the user account.
      4. In the Confirm Password box, retype the password, and then click OK.
    • For Unix clients, enter the new user name in the ORACLE USER box using the following format: <SID_name>adm.
  4. Click OK.

You can also provide the user account credentials from the command line during backup and restore operations.

Configuring the User Account to Access the Oracle Database

Use the following steps to configure the user account privileges to access the Oracle database:

  1. From the CommCell Browser, go to Client Computers > client > SAP for ORACLE.
  2. Right-click the instance and click Properties.

    The instance Properties dialog box appears.

  3. Click the Details tab.
  4. In the Connect String boxes, type the connect string to connect to the Oracle database as follows:
    • In the first box, type the database user ID.
    • In the second box, type the password for the user ID.
    • In the Confirm Password dialog box, re-enter the password and click OK.
    • In the third box, type the Oracle service name.

    For example:

    sys/password@CER

    where, sys is the database user ID, password is the password for the database user ID, and CER is the Oracle service name.

  5. Click OK.

SharePoint Agents

The SharePoint Server iDataAgent and SharePoint Archiver require a user account that has sufficient privileges for the software to:

  • Log on to the file server to access the data.
  • Create and modify the SharePoint database.
  • Perform backup and restore operations.

The SharePoint Agents require an user account with the following privileges:

  • Member of the local Administrator Group.
  • Member of the SharePoint Administrator Group.
  • SharePoint Server Farm Administrator
  • System Administrator role on the SQL Server Instance.
  • SP Shell Administrator permissions.
  • This account must have "Log on as Service" permissions to ensure the Communication (CVD) Services will start.

    Refer to the Knowledge Base article Galaxy Service Account User Information for Windows 2003 and Window Server 2003 clients available from the Maintenance Advantage web site.

Also, Web Application Pools users must have read access to the following location: [hkey_local_machine]\[software]\[CommVault Systems Registry].

Additional accounts should be established by the SharePoint database administrator.

Initially, the SharePoint Administrator account credentials is provided during the Agent installation. You can subsequently change the user account at the Agent level.

At the Agent Level

You can change the following user accounts:

  • the Administrative Account
  • the SSO Administrator Account for the service on the associated SharePoint Portal server

Use the following steps to change the Administrator account:

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click Sharepoint Server and click Properties.
  3. Click Change Account.
  4. Type the SharePoint Administrator user name in the SharePoint Administrator Account box.
  5. Type the password in Password box and retype it in the Confirm Password box.
  6. Click OK.

Use the following steps to change the SSO Administrator account:

  1. From the CommCell Browser, navigate to Client Computers | <Client>.
  2. Right-click Sharepoint Server and click Properties.
  3. Click Change Account.
  4. Type the SharePoint SSO user name in the SharePoint SSO Account box.
  5. Type the password in Password field and retype it in the Confirm Password box.
  6. Click OK.

Sybase iDataAgent

The Sybase iDataAgent requires two user accounts to access the Sybase application and database to perform backup and restore operations:

  • Database user account with administrator privileges.

    On Unix computers, the account information for accessing the database is provided during the Sybase iDataAgent installation.

    On Windows computers, the account information is provided during the instance configuration after the installation of the Agent.

  • Operating system account with privileges to access the Sybase application.

The following table illustrates the required user account privileges for backup and restore operations:

Operations User Account Needed
Create Sybase server Sybase database administrator account (SA role)
Backup Sybase database and Restore non-system databases Operating system user account (operator role) with access to all the databases in an instance.
Restore Sybase system databases Sybase database administrator account (SA role)

Use the following steps to change the user account for accessing the Sybase instance:

  1. From the CommCell Browser, navigate to Client Computers | <Client> | Sybase.
  2. Right-click the <Instance> and click Properties.
  3. Click the Accounts tab.
  4. Type the user name in the User Name box.
  5. Type the SA user name in the SA User Name box.
  6. Type the password in the SA Account Password box and retype it in the SA Confirm Password box.
  7. Click OK.

At the Client Computer Group Level

This user account will be used for all computers within a Client Computer Group. Configure the user account at this level if different users will be conducting backup and restore operations for each Client Computer Group in your organization. This user account will override the user account configured at the CommCell level.

  1. From the CommCell Browser, navigate to the Client Computer Groups node.
  2. Verify that all the Agent clients for which you wish to configure the user account are included in the Client Computer Groups.
  3. Right-click the <Client Group> and click Properties.
  4. Click the Advanced Settings tab.
  5. Click the Override higher levels settings check box.
  6. Select one of the following:
    • Use Local System Account, if the computer's Administrator account contains the required privileges.
    • Impersonate User, if you want to use a different account that contains the required privileges. Type the User Name and Password for this account in the space provided.
  7. Click OK.

The user credentials provided at the client computer group level are ignored if the client belongs to more than one group. In this case, provide the user credentials at the instance level.

Virtual Server iDataAgent

The Virtual Server Agent requires user accounts that have sufficient permissions for the software to:

  • Access the vCenter and ESX servers.
  • Access virtual machines.
  • Access volumes, files, and folders within virtual machines.
  • Perform discovery, backup, and restore operations.

When you configure the VMware vCenter client, you must provide the user account credentials for the vCenter. Later, you can change the user account at the instance level.

For more information, see Configuration of User Accounts for VMware.

Change Virtual Center Credentials

Perform the following steps to change user account credentials for vCenter clients:

  1. Navigate to Client Computers > virtualization_client > Virtual Server.
  2. Right-click VMware and select Properties.
  3. In the VMware area, click Change.
  4. Type the username and password.

    Ensure that the password does not have single-quote (') or double-quote (") characters.

  5. Click OK.

Enable Passwords for Media Associated with a Storage Policy

By default, the CommServe Level Media Password is used to access the data residing on media used by the system for a storage policy. You can prevent unauthorized access to this data by enabling a password for a Media Associated with the Storage Policy.

If you password protect the media associated with a Disaster Recovery Backup storage policy, it is essential that you record this password. In certain disaster recovery scenarios, it may be necessary to read your backup data directly from the media.

  1. From the CommCell Browser, navigate to Policies | Storage Policies.
  2. Right-click the <Storage Policy> and select Properties.
  3. Click the Advanced tab.
  4. Click the Enable Storage Policy Level Media Password check box and then click the Change Media Password check box.
  5. Type the new media password in the Enter New Media Password box and the Confirm New Media Password box.
  6. Type the CommServe media password in the Enter Old Media Password dialog box.
  7. Click OK.

Change Account for Restoring to Mapped or Shared Network Drives and Restricted Directories

You can define a user with permissions to restore data to either mapped or shared network drives or directories to which you have no write privileges.

  1. From the CommCell Browser, go to Client Computers > client > agent.
  2. Right-click the backup_set and click All Tasks and then click Browse and Restore.

    By default, Latest Backup is selected for browse.

  3. Click View Content.
  4. Select the data that you want to restore and then click Recover All Selected.

    The Restore Options for All Selected Items dialog box appears.

  5. Select the required restore options.
  6. Scroll down, click the Impersonate User check box, and type the following:
    • In the User Name box, type the new user name.
    • In the Password box, type the new password and in the Confirm Password box, re-type the password.
  7. Click OK.

System State Backup Privileges

To back up the System State data, the service user must be either an administrator or a backup operator. Also, system state backups require backup operator group permissions on the HKLM\SYSTEM\SETUP key to enable system-protected file backups.

User Impersonation for Running Pre and Post Commands

You can add, modify or view Pre/Post processes for the subclient. These are batch files or shell scripts that you can run before or after certain job phases.
  1. From the CommCell browser, right-click the subclient.
  2. Click Properties.
  3. Click Pre/Post Process.
  4. Click one of the following phases and type the full path of the process that you want to execute during that phase. Alternatively, click Browse to locate the process (applicable only for paths that do not contain any spaces).
    • PreBackup Process
    • PostBackup Process
    • PreSnap Process
    • PostSnap Process
  5. Click OK.
  6. Select Run Post Backup Process for all attempts to run a post backup process for all attempts.
  7. For subclients on Windows platforms, Run As displays Not Selected.

    If you want to change the account that has permission to run these commands, click Change.

    1. In the User Account dialog box, select Use Local System Account, or select Impersonate User and enter the user name and password. Click OK.
    2. If you selected Local System Account, click OK to the message advising you that commands using this account have rights to access all data on the client computer.

Change User Account to Access Job Results Directory for the Client

On a Windows client computer, use the following steps to change the user account for accessing the job results directory for the client:

  1. From the CommCell Browser, go to Client Computers.
  2. Right-click the client and click Properties.

    The Client Computer Properties dialog box appears.

  3. Click Advanced.

    The Advanced Client Properties dialog box appears.

  4. Click the Job Configuration tab.
  5. In the Job Results Directory for Windows Clients section, click User Name/Password and type the following:
    1. In the User Name box, type the new user name.
    2. In the Password box, type the new password and in the Confirm Password box, re-type the password.
    3. Click OK.
  6. Click OK twice to close the properties dialog boxes.

Domain Controller

Use the following steps to change the user account for the domain controller:

  1. From the CommCell Browser, go to Security > Name Servers.
  2. Right-click Domain_Controller and click Properties.

    The Edit Domain Controller Details dialog box appears.

  3. Click Edit next to the User Account box.

    The Enter User Account Information dialog box appears.

  4. Type the following:
    1. In the User Name box, type the new user name.
    2. In the Password box, type the new password and in the Confirm Password box, retype the password.
    3. Click OK.
  5. Click OK to close the domain controller dialog box.