Signiant Support

Database Install on Windows Manager Fails when Strict Policy Settings are in Place Print


Problem

The installation and configuration of the Postgres database component of a Windows Signiant Manager fails when specific polices are configured. 

Solution

The installation fails when the Deny logon locally policy is set to allow only a subset of users to login. The database component of the Windows Signiant Manager (postgres) creates a local user account on the server called postgres. If a Deny policy is in effect that prevents this user account from logging on locally to the server, the postgres database cannot start and the install fails. 

To prevent the installation from failing in these environments, do the following: 
  1. Open Control Panel->Administrative Tools->Local Security Policy.
  2. Select the Local Policies folder.
  3. Select the User Rights Assignment sub-folder.
  4. View the Deny Logon locally policy.
If this policy contains entries that would prevent a local, non-administrative account from logging on locally, your Windows Signiant Manager install will fail. To prevent this, you must do the following before running the Windows Signiant Manager installer:
  1. Add a new local user account with the postgres username to the server. This user should not be a privileged account (not a member of the Administrators or Power Users groups). The password can be set to any value that conforms to your password policies.
  2. From the Local Security editor used above, find the Log on locally policy entry.
  3. Add the local postgres user account to this policy.
  4. Run the Windows Signiant Manager installer
The installer will discover that the local postgres account exists and will not create it as part of the install.

Additional Information

This configuration may be necessary in some environments due to the requirement that the postgres database must be run as the postgres user. Further, this user account must be able to logon to the system such that the database can be started from the services control manager. The database will not start when the postgres user account is a privileged account.