Run MAILsweeper with a non-admin account
<typolist>
Create the future service account (user cannot change password, password never expires, member of the Users group).
</typolist>
<typolist>
Give the account full policy and full service access in the MIMEsweeper console. After this, reconfigure the MIMEsweeper services to use the account; you will get a message that the "log on as a service" right has been granted. Stop the services.
</typolist>
<typolist>
Reconfigure file permissions on C:\Program Files\MAILsweeper for SMTP, assign "modify" permissions to the account.
</typolist>
<typolist>
Reconfigure file permissions on your spool area, assign "modify" permissions to the account.
Give the account full control on the following registry keys:
</typolist>
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SMTPDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SMTPRS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\SMTPSS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAILsweeper for SMTP Delivery
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAILsweeper for SMTP Receiver
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAILsweeper for SMTP Security
HKEY_LOCAL_MACHINE\SOFTWARE\MIMEsweeper
<typolist>
Start the services
</typolist>
Afterwards I removed the account from the users group. Probably you can do this from the start.
I haven't experimented with further tightening the rights yet. I would presume read and modify rights on some registry keys should be enough.
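
The file and registry permission steps above can be scripted. The following PowerShell is an added example, not part of the original write-up; the account name and spool path are placeholders, and it assumes an elevated prompt with the services stopped. It ends by listing what the account actually holds on each object, which is the starting point for any later tightening.

```powershell
# Added example: grant the service account the rights listed in the steps above.
param(
    [string]$Account   = 'MAILHOST\svc-mailsweeper',  # placeholder account name
    [string]$SpoolPath = 'D:\Spool'                   # placeholder spool location
)
$ErrorActionPreference = 'Stop'

$folders = @('C:\Program Files\MAILsweeper for SMTP', $SpoolPath)
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\SMTPDS',
    'HKLM:\SYSTEM\CurrentControlSet\SMTPRS',
    'HKLM:\SYSTEM\CurrentControlSet\SMTPSS',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAILsweeper for SMTP Delivery',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAILsweeper for SMTP Receiver',
    'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog\Application\MAILsweeper for SMTP Security',
    'HKLM:\SOFTWARE\MIMEsweeper'
)

$noProp = [System.Security.AccessControl.PropagationFlags]::None
$allow  = [System.Security.AccessControl.AccessControlType]::Allow

# "Modify" on the program folder and the spool area, inherited by files and subfolders.
foreach ($path in $folders) {
    if (-not (Test-Path -LiteralPath $path)) { Write-Warning "Missing folder: $path"; continue }
    $acl  = Get-Acl -LiteralPath $path
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Account, 'Modify', 'ContainerInherit, ObjectInherit', $noProp, $allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $path -AclObject $acl
}

# "Full control" on each registry key, inherited by subkeys.
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { Write-Warning "Missing key: $key"; continue }
    $acl  = Get-Acl -LiteralPath $key
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Account, 'FullControl', 'ContainerInherit', $noProp, $allow)
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $key -AclObject $acl
}

# Report the resulting entries for the account on every object touched.
foreach ($target in ($folders + $keys)) {
    if (-not (Test-Path -LiteralPath $target)) { continue }
    (Get-Acl -LiteralPath $target).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account } |
        ForEach-Object { '{0}: {1} ({2})' -f $target, $_.AccessControlType, ($_ | Select-Object -ExpandProperty *Rights) }
}
```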