Configuration - Security Settings

Overview

There are two main aspects to the SMOD Security Settings.  The first is the SMOD Service Account and the second is the SMOD Admin Group Name.  A brief overview of each follows:

 

SMOD Service Account: SMOD reads and potentially modifies attributes for user objects in Active Directory.  For this reason, a SMOD service account is needed that has sufficient privileges to perform these read and write operations.  

 

SMOD Admin Group Name: SMOD is administered through a set of web pages, and access to these web pages is controlled by the SMOD Admin Group.  

 

The screenshot below shows the SMOD security settings.  A description of each item follows the screenshot.  

 

[Screenshot: SMOD security settings (SMOD_Security_Settings.jpg)]

 

SMOD Service Account

This is an Active Directory domain account that has privileges to read and write user objects in all the domains that are configured.  It is easiest to make this account a member of the Domain Admins group, which gives sufficient privileges.  If a more secure account is needed, the service account must have enough privileges to perform the following:

 

Password: The corresponding password for the SMOD service account. Please note that when the password is entered here, it is not verified with Active Directory; the password will be used when Active Directory is read and written in the SMOD user section.  

 

Admin Group Name

This specifies the name of the Active Directory Group that will have access to the SMOD Administration Web pages.  Specifying the group allows for the creation of a custom group specifically for SMOD administration.  However, you may use the default Administrators or Domain Admins group.  The default setting is the Administrators group.

 

Note: This group is a domain level group and not a local group on the SMOD server.   Thus, by default the group is "Administrators", which refers to the Administrators local group in the Active Directory domain.

 

When entering the SMOD Administrator, the username that you use to log in should be a member of the Admin Group specified here.  If the user account you use to log in is not a member of the Admin Group, you will not be able to get into any of the SMOD Administration pages or change any settings.  

 

Thus, it is critical that this group is specified correctly during SMOD setup or you will be locked out of SMOD!
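
Because the service account password is not verified when it is entered and a wrong Admin Group Name locks you out, both values can be checked against Active Directory before they are saved. The following is an added example, not part of SMOD; the function name and every domain, group and account name in it are placeholders, and it assumes a domain-joined Windows machine with .NET's System.DirectoryServices.AccountManagement available.

```powershell
# Pre-flight check for the SMOD security settings (added example, not SMOD code).
# Assumption: run from a domain-joined machine; all names passed in are placeholders.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-SmodSecuritySettings {
    param(
        [Parameter(Mandatory)] [string]       $Domain,          # e.g. 'corp.example.com'
        [Parameter(Mandatory)] [pscredential] $ServiceAccount,  # SMOD Service Account + Password
        [Parameter(Mandatory)] [string]       $AdminGroupName,  # value for "Admin Group Name"
        [Parameter(Mandatory)] [string]       $AdminLogonName   # account you will log in to SMOD with
    )
    $ns  = 'System.DirectoryServices.AccountManagement'
    $ctx = New-Object "$ns.PrincipalContext" ([System.DirectoryServices.AccountManagement.ContextType]::Domain, $Domain)
    try {
        # 1. SMOD does not verify the password on entry, so verify it here.
        #    Note: a wrong password counts as a failed logon toward the lockout policy.
        $net        = $ServiceAccount.GetNetworkCredential()
        $passwordOk = $ctx.ValidateCredentials($net.UserName, $net.Password)

        # 2. The group must exist in the domain (it is not a local group on the SMOD server).
        $group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($ctx, $AdminGroupName)
        $user  = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $AdminLogonName)

        # 3. Check membership both directly and through nested groups.
        #    Assumption: whether SMOD honors nested membership is not stated on the
        #    page, so treat "nested only" as a warning and prefer direct membership.
        $direct = $false
        $nested = $false
        if ($group -and $user) {
            $direct = $user.IsMemberOf($group)
            $nested = [bool]($group.GetMembers($true) |
                             Where-Object { $_.Sid.Value -eq $user.Sid.Value })
        }

        [pscustomobject]@{
            ServiceAccountPasswordValid = $passwordOk
            AdminGroupFound             = [bool]$group
            AdminUserFound              = [bool]$user
            DirectMember                = $direct
            NestedMember                = $nested
            SafeToSave                  = ($passwordOk -and $direct)
        }
    }
    finally { $ctx.Dispose() }
}

# Usage (placeholder values):
# Test-SmodSecuritySettings -Domain 'corp.example.com' -ServiceAccount (Get-Credential) `
#     -AdminGroupName 'SMOD Admins' -AdminLogonName 'jdoe'
```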