Additional Information

Bomgar Verify Services

Services

It is good practice to check that all Bomgar Verify services are running after installation.

  1. Click Start > Run > services.msc.
  2. Press OK.
  3. All Bomgar Verify service names start with SecurEnvoy, which makes them easy to search for in the list. Check which SecurEnvoy services have started.

Default options are:

  • SecurEnvoy Batch Server
  • SecurEnvoy RADIUS
  • SecurEnvoy WebSMS Gateway

Example Admin User Configured With ADSI Edit

For Windows 2008 Server

Properties > Security

  1. Create a user called Bomgar Verify.
  2. Select Password never expires.
  3. Right-click the top directory.
  4. Select Properties.
  5. Select Security.
  6. Click Add to add the Bomgar Verify user.
  7. Click Advanced.
  8. Re-select the user in the Permission entries list.

     [Figure: Permission Entry for Dev]

  9. Click Edit....
  10. Select Properties.
  11. In the Apply onto field, select Descendant Contact Objects. Check the following:
    1. Allow Write Telex Number
    2. Allow Write Telex Number (Others)
    3. Allow Write Mobile Number
    4. Allow Write E-Mail
  12. Change the Apply onto field from Contact Objects to User Objects. All the selected attributes carry over to User Objects.
  13. Select Object.
  14. Select Descendant User Objects.
  15. Check Reset Password and Change Password.

     [Figure: Advanced Security Settings]

  16. Click OK.
  17. Click Apply. The account should have six permissions.
  18. Right-click AdminSDHolder under the directory CN=system and select Properties.
    1. Select Allow inheritable permissions.
    2. Press OK. This adds support for users that are members of the following protected groups:
    • Administrators
    • Account Operators
    • Server Operators
    • Print Operators
    • Backup Operators
    • Domain Admins
    • Schema Admins
    • Enterprise Admins
    • Cert Publishers

Note: The Write userAccountControl permission, found within Properties > Descendant User Objects, is required for password reset.

For Windows Server 2012

Properties > Security

  1. Create a user called Bomgar Verify.
  2. Select Password never expires.
  3. Run ADSI Edit.
  4. Right-click the top directory.
  5. Select Properties.
  6. Select Security.
  7. Click Add to add the Bomgar Verify user.

     [Figure: Advanced Security Settings]

  8. Click Advanced.
  9. Re-select the user in the Permission entries list.
  10. Click Edit….
  11. Select Properties.
  12. In the Applies to field, select Descendant User Objects. Check the following:
    1. Allow Write Telex Number
    2. Allow Write Telex Number (Others)
    3. Allow Write Mobile Number
    4. Allow Write E-Mail
    5. Click OK.

     [Figure: Permissions]

  13. From Advanced Security Settings, click Edit.

     [Figure: Permissions]

  14. In the Applies To field, select Descendant User Objects.
  15. Check Reset Password and Change Password.
  16. Click OK.
  17. Click Apply. The account should have five entries.
  18. Right-click AdminSDHolder under the directory CN=system.

    Select Properties > Security Tab > Advanced.

    Select the option Enable Inheritance.

    Click OK. This adds support for users that are members of the following protected groups:

    • Administrators
    • Account Operators
    • Server Operators
    • Print Operators
    • Backup Operators
    • Domain Admins
    • Schema Admins
    • Enterprise Admins
    • Cert Publishers

Note: Additional servers MUST share the same Bomgar Verify administration account for each domain they manage.

  1. To test, start the Bomgar Verify Admin GUI.
  2. Enable a user.
  3. Enter the mobile number.
  4. Click Update User.
  5. The message returned should say "OK, Passcode Sent To Gateway". If the message "ERR, Error writing to LDAP, General access denied error" is received, then the write permissions are incorrect.

Bomgar Verify Service Permissions Account Wizard

Domain Controller Setup

  1. Create a service account within Active Directory.
  2. Make sure the password is set to not expire.
  3. Enter the service account within the Service Account Name field.
  4. Click Get DN. It is also possible to set a specific OU; however, this should not be required within most environments.
  5. Set the needed permissions:
    1. Primary TelexNumber
    2. telexNumber
    3. mobile
    4. mail
    5. Reset Password
    6. Change Password
    7. pwdLastSet
    8. userAccountControl
  6. Click Apply.
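
To confirm what the service account actually ended up with after the ADSI Edit steps or the wizard, the delegated entries can be read back from the directory. The script below is an added example, not part of the Bomgar Verify product or documentation; it assumes the RSAT ActiveDirectory module is installed and that the account's sAMAccountName is BomgarVerify (a placeholder, since the page does not give a logon name).

```powershell
# Added audit example; not vendor code. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: logon name of the service account. Adjust to your environment.
$AccountSam = 'BomgarVerify'

$rootDse  = Get-ADRootDSE
$domainDn = $rootDse.defaultNamingContext
$identity = "$((Get-ADDomain).NetBIOSName)\$AccountSam"

# Build a GUID -> name map from the schema (attributes and classes) and from
# CN=Extended-Rights (Reset Password, Change Password), so no GUID is hard-coded.
$guidName = @{}
Get-ADObject -SearchBase $rootDse.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' `
    -Properties lDAPDisplayName, schemaIDGUID |
    ForEach-Object { $guidName[[guid]$_.schemaIDGUID] = $_.lDAPDisplayName }
Get-ADObject -SearchBase "CN=Extended-Rights,$($rootDse.configurationNamingContext)" `
    -LDAPFilter '(rightsGuid=*)' -Properties displayName, rightsGuid |
    ForEach-Object { $guidName[[guid]$_.rightsGuid] = $_.displayName }

function Get-DelegatedAce {
    # Return every ACE on $Dn that names the service account, with GUIDs resolved.
    param([Parameter(Mandatory)][string]$Dn)
    (Get-Acl -Path "AD:\$Dn").Access |
        Where-Object { $_.IdentityReference.Value -eq $identity } |
        ForEach-Object {
            [pscustomobject]@{
                Type      = $_.AccessControlType
                Rights    = $_.ActiveDirectoryRights
                Target    = if ($_.ObjectType -eq [guid]::Empty) { '(all)' }
                            else { $guidName[$_.ObjectType] }
                AppliesTo = if ($_.InheritedObjectType -eq [guid]::Empty) { '(all objects)' }
                            else { $guidName[$_.InheritedObjectType] }
                Inherited = $_.IsInherited
            }
        }
}

# Entries granted at the top of the domain (the "top directory" in the steps).
Get-DelegatedAce -Dn $domainDn | Format-Table -AutoSize

# AreAccessRulesProtected is $true while inheritance is disabled on the object.
$sdHolderAcl = Get-Acl -Path "AD:\CN=AdminSDHolder,CN=System,$domainDn"
"AdminSDHolder inheritance enabled: $(-not $sdHolderAcl.AreAccessRulesProtected)"
```

Compare the rows with the permissions listed in the procedure. A row such as GenericAll, or WriteProperty with Target (all), is broader than anything the steps grant.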