:: infotechGuyz.com ::
> For the IT community by the IT community

Lync 2010 Permission Requirement for Installation

 

Setup and deployment of MS Lync 2010 requires that person installing and deploying software be a member of local or domain-level groups. OCSLogger, a troubleshooting tool that is installed as part of Administrative tools for Lync 2010, requires additional group membership. following table summarizes group or groups that a person should belong to in order to successfully install and troubleshoot Lync 2010.

Group memberships in preceding table represent minimum memberships. Or memberships which will grant permissions necessary to initiate setup and deployment are possible, including membership in Domain Admins group or Enterprise Admins group.

 

Group Membership Requirements

Lync Executable	Group Membership Required
Setup.exe – Executable that starts installation of Lync administrative tools.	Member of Local Administrators group on computer from which executable is run. Member of Domain Users group to read information in Active Directory Domain Services (AD DS). This level of permission is required because automatic installation of required MSI packages on local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as Local Machine hive.
Deploy.exe – Called by setup.exe, deploy.exe is responsible for deployment of software components for server roles.	Member of Local Administrators group on computer from which executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because automatic installation of required MSI packages on local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as Local Machine hive. Membership in RtcUniversalReadOnlyAdmins group is necessary to read Central Management store.
Bootstrapper.exe – Called by setup.exe, bootstrapper.exe is responsible for deployment and configuration of server roles.	Member of Local Administrators group on computer from which executable is run. Member of Domain Users group to read information in AD DS. This level of permission is required because automatic installation of required MSI packages on local computer requires privileges that allow reading from and writing to protected local computer resources such as Program Files directories, and protected registry such as Local Machine hive.
OCSLogger.exe – Administrative troubleshooting tool for capturing messages on server roles.	Member of Local Administrators group on computer from which executable is run. executable is manifested as requireAdministrator.