Content:
Hardware Requirements
Note: Installing the Administrator Service and Cayosoft Guardian on the same server is not supported. Cayosoft strongly recommends installing them on separate servers to ensure optimal performance.
| Component | Requirements |
|---|---|
|
Platform |
2 GHz or higher Intel-compatible dual or quad-core CPU |
|
Memory |
16 GB minimum, recommended for environments to 1000 users in all managed systems. 24 GB is recommended for environments from 1000 to 50000 users in all managed systems. 32 GB is recommended for environments from 50000 to 300000 users or more in all managed systems. 48 GB and more is recommended for environments with 300000 users or more in all managed systems.
Note: Additional RAM may be required for highly loaded installations. For example, several automation rules and/or Dynamic Groups are executed in parallel every few minutes. Or with dozens of users using Web Portal simultaneously.
|
|
Disk |
60 GB or more of free disk space |
|
Machine |
Physical, On-premise Virtual, Azure, or AWS Virtual Server. |
Software Requirements
| Component | Requirements |
|---|---|
|
OS |
Windows Server 2016, Windows Server 2019, Windows Server 2022 |
|
Active Directory forest functional level |
Windows Server 2012R2 or later. |
|
Microsoft Exchange Server |
Exchange Server 2013, with Cumulative Update 21. Exchange Server 2016, with Cumulative Update 10. Exchange Server 2019 |
|
Web Browser |
Google Chrome (Versions released within the past 12 months) Mozilla Firefox (Versions released within the past 12 months) Apple Safari (Versions released within the past 12 months) Microsoft Edge based on Chromium (Versions released within the past 12 months)* |
|
Required ports |
Learn more about Ports used by Cayosoft Administrator Service. |
Microsoft Frameworks Required Installs
Required to manage any system or service with Cayosoft Administrator
| Component | Notes |
|---|---|
|
Microsoft .NET Framework 4.7.2 or later |
No download is required, just add the role. To determine the installed version of Microsoft .NET Framework, follow the instructions provided in Microsoft Determine which .NET Framework versions are installed - .NET Framework | Microsoft Learn. |
|
Microsoft Management Framework 5.1 or later |
|
|
PowerShell Gallery Module 2.5 or later |
See installation instructions.
Note: This module is required for the Administrator Service version 10.1 or later.
|
Active Directory Required Installs
| Component | Notes |
|---|---|
|
Remote Server Administration Tools (RSAT) |
No download is required, just add the role. |
|
Active Directory PowerShell Module (included in RSAT installation) |
No download is required, just add the Server role. |
|
Active Directory Users and Computers MMC (included in RSAT installation) |
No download is required just add the Server role. |
Microsoft 365 Services
Note: When the Microsoft 365 extension is enabled and connection to Microsoft Teams or SharePoint Online is set all required modules will be installed automatically.
Azure AD and Microsoft 365 Exchange Online
| Component | Notes |
|---|---|
|
MSOnline PowerShell for Azure Active Directory |
|
|
Exchange Online PowerShell module (EXO V3) |
Microsoft Teams and Microsoft 365 Skype for Business Online
| Component | Notes |
|---|---|
|
Microsoft Teams PowerShell module |
Microsoft 365 SharePoint Online
| Component | Notes |
|---|---|
|
SharePoint Client-Side Object Model |
|
|
SharePoint Online Management Shell |
Target Systems Credentials
Credentials, provided for each target system, are listed in the table below.
- Permissions required for Active Directory and Microsoft 365 accounts used by Cayosoft Administrator
- How to manually install required components to work with Microsoft 365 Services: Exchange Online, SharePoint Online, Teams Online
| Service | Permissions |
|---|---|
|
Server/Computer |
Starting from the 11.1 version by default Cayosoft Administrator is installed under the local system account. |
|
Active Directory |
An active directory connection account, specified in the Active Directory domain credentials setting, should have Domain Admin permissions (or be up to the level required for desired tasks to be completed). |
|
Exchange On-Premises |
The Exchange Connection Account, specified in the Exchange credentials setting, should have the Exchange Organizational Management Role. |
|
Skype/Lync On-Premises |
At least the CsUserAdministrator role must be assigned to the specified Skype connection account. |
|
Azure AD and Microsoft 365 Exchange Online |
Microsoft 365 connection account should hold the Global Administrators and must be a cloud-only account, i.e. not synchronized with on-premises Active Directory. Please see the Microsoft 365 credentials setting description in the Microsoft 365 extension settings article for more details. |
|
Microsoft Teams |
Teams license and Teams Administrator role are required for a Microsoft 365 connection account to maintain ownership in teams and channels, specifically private teams and channels. |
|
SharePoint Online |
Microsoft 365 Connection Account, specified in the Microsoft 365 credentials setting, should have Full Administrator permission. |
Cayosoft Administrator on Domain-Joined and Non-Domain-Joined Machines
By default, it is recommended to install Cayosoft Administrator on the server that is joined to the same domain to be managed.
If you plan to use Microsoft 365 management only you can install Cayosot Administrator on the non-domain-joined machine.
Active Directory and Exchange Server on-prem management and Self-Service tasks require Cayosoft Administrator to be installed on the domain-joined machine.
PowerShell Execution Policy for Windows Computers Requirements
Cayosoft Administrator executed PowerShell scripts to communicate with external services like Active Directory, Exchange, Microsoft 365, and others, and it requires the 'Unrestricted' level of PowerShell Execution Policy.
According to this MS article https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/set-executionpolicy?view=powershell-5.1, the effective execution policy is determined by the order of precedence as follows:
- MachinePolicy. Set by a Group Policy for all users of the computer.
- UserPolicy. Set by a Group Policy for the current user of the computer.
- Process. Affects only the current PowerShell session.
- CurrentUser. Affects only the current user.
- LocalMachine. Default scope that affects all users of the com
When initializing the PowerShell hosts to execute rules, the Cayosoft Administration Service sets execution policy on the Process scope to Bypass level (Nothing is blocked and there are no warnings or prompts). This level is required because the Service does not execute ps1 files and ready-made scripts. Instead, the Service reads the rule definition and executes it command-by-command, based on the rule configuration and design.
Cayosoft Administrator won't work if the PowerShell execution policy is forced to AllSigned through Group Policy Object (GPO), both on MachinePolicy and UserPolicy levels. In this case, Group Policy settings will override settings on the Process scope level.
If the PowerShell execution policy is set to AllSigned on the CurrentUser or LocalMachine level, the Cayosoft Administrator will be able to override them.
To check the execution policy for the Administration Service:
- run the PowerShell or PowerShell ISE under the account configured to run the Cayosodt Administration Service and run the following command:
Get-ExecutionPolicy -List
- Ensure that the Process policy and above is set to Unrestricted or Undefined.
Exchange Online/SMTP Mail Server Requirements
Cayosoft Administrator can send emails with rules output data or notifications. To use this functionality you need to set up email settings.
See details in the Cayosoft Administrator Email Settings article.
Comments
0 comments
Article is closed for comments.