Target Systems Credentials

IMPORTANT: For replication group configuration, each service must be configured to connect to the platforms to be managed by connection accounts specific to that server. In other words, each Cayosoft Administrator Service should have its own set of connection accounts for all managed platforms: Active Directory, Microsoft 365, and Exchange Server.

IMPORTANT: Do not use the same connection accounts for Cayosoft Administrator and Cayosoft Guardian.

For information on connection accounts and required permissions, refer to the following article: Required permissions for connection accounts in Cayosoft Administrator .

Installing Cayosoft Administrator on domain-joined and non-domain-joined servers

You must install Cayosoft Administrator on a server joined to one of the managed AD domains to manage Active Directory and Exchange Server and perform self-service tasks. If you plan to exclusively manage Microsoft 365, you can install Cayosoft Administrator on a non-domain-joined machine.

PowerShell Execution Policy for Windows Computers Requirements

Cayosoft Administrator executed PowerShell scripts to communicate with external services like Active Directory, Exchange, Microsoft 365, and others, and it requires the 'Unrestricted' level of PowerShell Execution Policy.

According to the article Set-ExecutionPolicy - Microsoft Learn, the effective execution policy is determined by the order of precedence as follows:

• MachinePolicy. Set by a Group Policy for all users of the computer.

• UserPolicy. Set by a Group Policy for the current user of the computer.

• Process. Affects only the current PowerShell session.

• CurrentUser. Affects only the current user.

• LocalMachine. Default scope that affects all users of the com

When initializing the PowerShell hosts to execute rules, the Cayosoft Administrator Service sets execution policy on the Process scope to Bypass level (Nothing is blocked and there are no warnings or prompts). This level is required because the Service does not execute ps1 files and ready-made scripts. Instead, the Service reads the rule definition and executes it command-by- command, based on the rule configuration and design.

Cayosoft Administrator won't work if the PowerShell execution policy is forced to AllSigned through Group Policy Object (GPO), both on MachinePolicy and UserPolicy levels. In this case, Group Policy settings will override settings on the Process scope level.

If the PowerShell execution policy is set to AllSigned on CurrentUser or LocalMachine level, Cayosoft Administrator will be able to override them.

To check the execution policy for the Cayosoft Administrator Service:

1. Run the PowerShell or PowerShell ISE under the account configured to run the Cayosoft Administrator Service and run the following command:

   Get-ExecutionPolicy -List

2. Ensure that the Process policy and above is set to Unrestricted or Undefined.

Exchange Online/SMTP Mail Server Requirements

Cayosoft Administrator can send emails with rules output data or notifications. To use this functionality you need to set up email settings.

Learn more in: Email settings.