Low-Privilege Environments

Assign a Run As account to the DNS Run As profile. The account needs the following permissions:

  • Event log Read permissions

  • Performance counter Read permissions

  • WMI Read permissions

  • NSLOOKUP Read and Execute permissions

  • DNS Server Start/Stop permissions

  • Full rights to Service Control Manager

  • DNS Administrator rights

  • Full rights to the Operations Manager 2007 working directory parent (C:\Program Files\System Center Operations Manager 2007\Health Service State)

For detailed information about how to set up these permissions, see Appendix: Least Privilege Setup.