Access Control for Patch Management and Sync

Last updated on August 3, 2021.

Last Reviewed and Approved on PENDING REVIEW

Introduction

This reference document describes the service account(s) and Windows services required for the Patch Management capability in the Rapid Provisioning System (RPS).

Intended Audience

IT professionals and administrators who routinely build software deployment packages to update servers and workstations are primary users of RPS.

Overview

  1. RPS servers and clients, called targets, use a combination of certificates, Windows services, and service accounts.
  2. A service account is a user account that is mapped into the logon of the Windows service on RPS servers.
  3. Some services, such as DSC (Desired State Configuration) only need to run in the local system context, using the standard Windows local system account.

View Windows Services

As an RPS Administrator,

  1. logon to an RPS Server.
  2. open Computer Management and Services.
  3. Or use PowerShell.

Sync Service

  • Service Name: SyncService
  • Logon (service account): WebApiServiceAccount.
  • The Sync Service is a custom RPS windows service.
  • Startup Type: Automatic
  • The account lets the service communicate across RPS parent and child servers.
  • The service/account uses certificates for authentication which allows cross-AD-domain authentication.
  • The service collects and investigates which files it needs to download for BITS.

Distributed File System Replication Service

  • Service Name: DFS Replication (DFSR)
  • Logon (service account): WebApiServiceAccount.
  • The Distributed File System Replication (DFSR) is a Windows server feature and Windows service.
  • Startup Type: Automatic
  • The service/account uses certificates for authentication which allows cross-AD-domain authentication.
  • DFSR is a native Windows multi-master replication engine running on RPS servers to keep file folders synchronized.
  • DFSR was chosen for RPS as a more efficient and bandwidth-saving way to replicate RPS deployment files.

Background Intelligent Transfer Service

  • Service Name: BITS
  • Logon: Local System
  • Startup Type: Automatic (Delayed Start)
  • BITS is a common Windows service running on all Windows clients and servers, such as for common Windows updates.
  • BITS is used also for RPS client-server communications.

Desired State Configuration

  • Service Name: DSC
  • Service Account Name: Local System.
  • The Desired State Configuration (DSC) or "Windows PowerShell DSC" is a foundational capability of RPS.
  • DSC is a management platform where RPS users can configure, deploy, and manage RPS packages.