vWorkspace 8 User Service Accounts

Hi, I'm building production vWorkspace farm and I'm wodering if I need seperate domain user account for vWorkspace services? For example, I'm about to add the Hyper-V server and its asking for Root Node Credentials, should I create a seperate account or use my own. In the DEV enviroment I used my account without thinking about it too much, but in production, I'm afraid that if my account is disabled everything will stop....

Do I need a dedicated domain user account for anything involving vWorkspace? If so for which roles/services? What is recommended practice?

thanks

Dejan

Responses(3)

DELL-David Y

228 Posts

1

June 27th, 2013 20:00

Hi Dejan,

We would recommend that you do use a seperate account for vWorkspace Services and also the vWorkspace Administrative user. The account(s) should ideally have a non-expiring password and should be exempt from lockout due to incorrect password so as to allow the services to run without interruption.

Regards,

David

dkgcb

45 Posts

0

June 28th, 2013 11:00

David, thanks for reply. Is there any documentation that would outline which services and roles I would have to run under the separate domain accounts?

dkgcb

45 Posts

0

September 5th, 2013 18:00

Hi David,

Just to follow up to this question, I came up with the list of Quest Services that run under Local System account by default in the VW farm. Since Local System account has full permission to the local machine, would you be able to tell me if any of the following services need to stay under Local System? I would like to change all services to run as regural Domain Account due to security reasons.

Services	Display Name	Description
Hyper-V
PNDCSVC.EXE	Quest Hyper-V Catalyst

Session Host
pndcsvc.exe	Quest Data Collector	Runs on all managed Terminal Servers and hosted desktops in the farm. This service communicates with the Connection Broker, periodically sending it keep-alive heartbeats, performance statistics and real-time events including user Logon, Logoff, Connect and Disconnect. It also executes a broad range of management tasks received from the Connection Broker.
pndmsvc.exe	Quest Database Manager	Delivers database connectivity and data synchronization to various running services. This service also updates the local cache if database caching is enabled in the farm, and performs several other management and housekeeping tasks.
pndnasvc.exe	Quest EOP Xtream	Accelerates network traffic between a client and server.
pnmpts.exe	Quest MetaProfiles Agent	Runs on Terminal Servers and hosted desktops to eliminate the need for traditional roaming profiles and accelerate session logon and logoff. This service simulates the behavior of traditional roaming profiles and enhances their flexibility with silo awareness, enabling each user to have one virtual profile per Terminal Server or desktop group within a farm.
PNMMRSVC.exe	Quest Multimedia Redirection Service	Redirects the multimedia stream to the client for playback using the local media player and codecs.
pnregsvc.exe	Quest Registry Service	Enables the Management Console and other farm services to remotely and securely modify registry settings on this computer.
pnsensvc.exe	Quest System Event Notification	Runs on Windows Vista and Server 2008 to enable real-time detection of various system events and to provide a framework for loading notification packages.
pntzsvc.exe	Quest Time Zones	Enables Terminal Server users to execute time-sensitive software programs in their respective time
pnupsvc.exe	Quest Universal Printer	Runs on Terminal Servers, hosted desktops and shared/dedicated print servers to enable driver-independent printing to redirected client printers, shared network printers and remote site servers in a distributed enterprise.

AppPortal/Gateway
pndmsvc.exe	Quest Database Manager	Delivers database connectivity and data synchronization to various running services. This service also updates the local cache if database caching is enabled in the farm, and performs several other management and housekeeping tasks.
pnsslsvc.exe	Quest Secure Sockets Layer Gateway	Enables RDP clients to remotely connect to Windows Terminal Servers and hosted desktops using SSL (Secure Sockets Layer). This service acts as an intermediary between the remote clients and the backend Terminal Servers and hosted desktops

Broker
pnbrksvc.exe	Quest Connection Broker	Performs a broad range of management functions including client connection arbitration, Terminal Server load-balancing, virtual machine provisioning and power management, task automation, license usage tracking and more.
pndmsvc.exe	Quest Database Manager	Delivers database connectivity and data synchronization to various running services. This service also updates the local cache if database caching is enabled in the farm, and performs several other management and housekeeping tasks.
pnregsvc.exe	Quest Registry Service	Enables the Management Console and other farm services to remotely and securely modify registry settings on this computer.

View All

No Events found!