The accounts you need

Before you install Sophos software, you should create the user accounts you need.

You need the following accounts:

  • Database account. This is a Windows user account that enables the management service to connect to the database. It is also used by other Sophos services.

    We recommend that you name the database account SophosManagement.

  • Update Manager account. This is a Windows user account that enables your endpoint computers to access the folders where Sophos Enterprise Console puts software updates.

    We recommend that you name the Update Manager account SophosUpdateMgr.

    This account must have read rights to the share and must not have administrative or write rights.

  • Additional remote share account. This is a Windows user account that allows you to create additional share locations. You may want to create additional remote share locations where the Update Manager places the software. Use a dedicated account to give the Update Manager write access to these locations. You must not reuse this account as an Update Manager account (SophosUpdateMgr), and you must not use the Update Manager account to give write access to these remote locations.

  • Multi-factor authentication recovery account. This is a Windows user account that is used for multi-factor authentication recovery only. After installing Sophos Enterprise Console, grant multi-factor authentication administrator rights to this user account in role-based administration. Use this account only if a multi-factor authentication device has been lost, to recover the accounts that are usually used.

Note: User accounts should not be included in the Windows Protected Users security group. Microsoft's guidelines state that service accounts should not be added to this group (see Protected Users Security Group). Membership of this group is not supported, and you must remove user accounts from it.
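
The account rules above can be checked after setup. The following PowerShell audit is an added example, not Sophos code: it assumes domain accounts with the names recommended on this page, the ActiveDirectory (RSAT) module, default English group names, and a placeholder share name that you replace with your own update share.

```powershell
# Added audit example, not Sophos code. Run elevated on the management server.
# Assumes domain accounts and the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

$Accounts      = 'SophosManagement', 'SophosUpdateMgr'  # names recommended on this page
$UpdateAccount = 'SophosUpdateMgr'
$ShareName     = '<update-share-name>'  # placeholder: the share endpoints read updates from

$findings = [System.Collections.Generic.List[string]]::new()

# 1. None of the accounts may be in Protected Users (direct or nested membership).
$protected = Get-ADGroupMember -Identity 'Protected Users' -Recursive |
    Select-Object -ExpandProperty SamAccountName
foreach ($name in $Accounts) {
    if ($protected -contains $name) {
        $findings.Add("$name is in Protected Users: remove it (unsupported)")
    }
}

# 2. The Update Manager account must not have administrative rights.
$domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Select-Object -ExpandProperty SamAccountName
if ($domainAdmins -contains $UpdateAccount) {
    $findings.Add("$UpdateAccount is in Domain Admins")
}
# Only direct local entries are listed; domain groups nested here are not expanded.
$localAdmins = Get-LocalGroupMember -Group 'Administrators' |
    Select-Object -ExpandProperty Name
if ($localAdmins -like "*\$UpdateAccount") {
    $findings.Add("$UpdateAccount is a local Administrator on $env:COMPUTERNAME")
}

# 3. Share-level rights for the account must be Read only (Full/Change/Custom are flagged).
#    NTFS permissions and rights inherited through groups need a separate review.
$tooBroad = Get-SmbShareAccess -Name $ShareName | Where-Object {
    $_.AccountName -like "*\$UpdateAccount" -and
    $_.AccessControlType -eq 'Allow' -and
    $_.AccessRight -ne 'Read'
}
foreach ($ace in $tooBroad) {
    $findings.Add("$($ace.AccountName) has $($ace.AccessRight) on share $ShareName")
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```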