Content:
Hardware Requirements
| Component | Requirements |
|---|---|
|
Platform |
2 GHz or higher Intel-compatible dual or quad-core CPU |
|
Memory |
16 GB minimum, 24 GB recommended Note: For environments with 50,000 users or more - 32 Gb or more.
|
|
Disk |
60 Gb or more of free disk space |
|
Machine |
Physical, On-premise Virtual, Azure or AWS Virtual Server |
Software Requirements
| Component | Requirements |
|---|---|
|
OS |
Windows Server 2012R2 or later*. |
|
Active Directory forest functional level |
Windows Server 2012R2 or later. |
|
Microsoft Exchange Server |
Exchange Server 2013, with Cumulative Update 21. Exchange Server 2016, with Cumulative Update 10. Exchange Server 2019 |
|
Web Browser |
Google Chrome (Versions released within the past 12 months) Mozilla Firefox (Versions released within the past 12 months) Apple Safari (Versions released within the past 12 months) Microsoft Edge based on Chromium (Versions released within the past 12 months)** |
|
Required ports |
Learn more about ports used by Cayosoft Administrator Service. |
Windows Server 2012 R2 Microsoft Frameworks Required Installs
Required to manage any system or service with Cayosoft Administrator
| Component | Notes |
|---|---|
|
Microsoft .NET Framework 4.7.2 or later |
No download is required for Server 2012 R2 or later, just add the role. To determine the installed version of Microsoft .NET Framework, follow the instructions provided in Microsoft Determine which .NET Framework versions are installed - .NET Framework | Microsoft Learn. |
|
Microsoft Management Framework 5.1 or later |
|
|
PowerShell Gallery Module 2.5 or later |
See installation instructions. Note: This module is required for the Administrator Service version 10.1 or later.
|
Windows Server 2012 R2 Active Directory Required Installs
| Component | Notes |
|---|---|
|
Remote Server Administration Tools (RSAT) |
No download is required for Windows 8.x or Server 2012 R2 or later, just add the role. |
|
Active Directory PowerShell Module (included in RSAT installation) |
No download is required for Server 2012 R2 or later, just add the Server role. |
|
Active Directory Users and Computers MMC (included in RSAT installation) |
No download is required for Server 2012 R2 or later, just add the Server role. |
Azure AD and Microsoft 365 Services
Note: Use the Cayosoft Requirements Check tool to automatically install these required components.
Azure AD and Microsoft 365 Exchange Online
| Component | Notes |
|---|---|
|
Microsoft Online Command Pack |
|
|
Exchange Online PowerShell module (EXO V3) |
Microsoft Teams and Microsoft 365 Skype for Business Online
| Component | Notes |
|---|---|
|
Microsoft Teams PowerShell module (Skype for Business Online) |
Microsoft 365 SharePoint Online
| Component | Notes |
|---|---|
|
SharePoint Client-Side Object Model |
|
|
SharePoint Online Management Shell |
Service Account and Target Systems Credentials
Permission requirements for Windows Service Account and credentials, provided for each target system, are listed in the table below.
| Service | Permissions |
|---|---|
|
Server/Computer |
Windows Service Account, configured to run the Cayo Administration Service, should have Local Administrator permissions on the workstation or server where the product will be installed. Windows Service Account should be a member of the Domain Admins group if you plan to automate the user and group account suspension process with Cayosoft Administrator. |
|
Active Directory |
Active Directory Service Account, specified in the Active Directory domain credentials setting, should have Domain Admin permissions (or up to the level required for desired tasks to be completed). |
|
Exchange On-Premises |
Exchange Service Account, specified in the Exchange credentials setting, should have the Exchange Organizational Management Role. |
|
Skype/Lync On-Premises |
At least CsUserAdministrator role must be assigned to the specified Skype connection account. |
|
Azure AD and Microsoft 365 Exchange Online |
Microsoft 365 connection account should hold the Global Administrators and must be a cloud-only account, i.e. not synchronized with on-premises Active Directory. For more details, please see Microsoft 365 credentials setting description in Microsoft 365 extension settings article. |
|
Microsoft Teams |
Teams license and Teams Administrator role are required for Microsoft 365 connection account to maintain its ownership in teams and channels, specifically private teams and channels. |
|
SharePoint Online |
Microsoft 365 Service Account, specified in the Microsoft 365 credentials setting, should have Full Administrator permission. |
|
Target Servers or Systems |
Windows Service Account should have Administrative permissions on the target system up to the level required for the tasks to be completed. |
PowerShell Execution Policy for Windows Computers Requirements
Cayosoft Administrator executed PowerShell scripts to communicate with external services like Active Directory, Exchange, Microsoft 365, and others, and it requires the 'Unrestricted' level of PowerShell Execution Policy.
According to this MS article https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-5.1, the effective execution policy is determined by the order of precedence as follows:
- MachinePolicy. Set by a Group Policy for all users of the computer.
- UserPolicy. Set by a Group Policy for the current user of the computer.
- Process. Affects only the current PowerShell session.
- CurrentUser. Affects only the current user.
- LocalMachine. Default scope that affects all users of the com
- When initializing the PowerShell hosts to execute rules, the Cayosoft Administration Service sets execution policy on the Process scope to Unrestricted level.
- From the article above: "Unrestricted. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the Internet, you are prompted for permission before it runs."
- The Unrestricted level is required because the Service does not execute ps1 files and ready-made scripts. Instead, the Service reads the rule definition and executes it command-by-command, based on the rule configuration and design.
- Cayosoft Administrator won't work if the PowerShell execution policy is forced to AllSigned through Group Policy, both on MachinePolicy and UserPolicy levels. In this case, Group Policy settings will override settings on the Process scope level.
- If the PowerShell execution policy is set to AllSigned on CurrentUser or LocalMachine level, Cayosoft Administrator will be able to override them.
- To check the execution policy for the Administration Service, run the PowerShell or PowerShell ISE under the account configured to run the Cayosodt Administration Service and run the following command:
-
Get-ExecutionPolicy -List
- Ensure that the Process policy and above is set to Unrestricted or Undefined.
-
SMTP Mail Server Requirements
See details in the KB20140105-1 Configuring Cayosoft Administrator SMTP Server Settings.
Comments
0 comments
Please sign in to leave a comment.