You may want to know which permissions need to be provided to EventsManager processes and which user groups need to have access to the installation path of the application and database server.
You always need to run EventsManager as an Administrator - this is required for the Windows account that is running EM services (GFI Database Server, GFI EventsManager Monitor, GFI EventsManager) and for the accounts that are used to retrieve logs from source machines (otherwise, certain logs/data will not be retrieved).
Note: Instructions on how to change the account running EM services can be found in the article Account Used To Run EventsManager Services Is Being Locked.
It is highly recommended to provide access to the GFI EventsManager and Database Server folders only to the Administrators group to improve the security of your environment (Full Write permission is required to save collected logs). The default installation paths are:
C:\Program Files (x86)\GFI\Database Server 2.1\
C:\Program Files (x86)\GFI\EventsManager13\
Here is a short description of EventsManager executables:
ESMUI.exe- The EventsManager Management Console allows administrators to configure and manage the operational functionality of the GFI EventsManager. You should avoid giving access to other users, since this may allow normal users to:
- Tamper with GFI EventsManager operational settings, possibly disabling or manipulating security services provided by this product.
- Gain illegal access to stored passwords.
ESMPROC.exe- The Processor Agent Service scans and collects events from target computers. In order to operate efficiently, this service requires access to the registry keys and system files for event log scanning.
ESMMGR.exe- The ESM Monitor service monitors events in real time and creates alerts.
DLIBSVC.exe- The Database Server service archives collected logs to the database and generates reports.
TROUBLE.exe- The EventsManager Troubleshooter retrieves information about the operational functionality and status of GFI EventsManager.