Liongard Roar

Roar Users Guide & Documentation

Welcome! You'll find comprehensive guides and documentation to help MSPs start working with Liongard's Roar as quickly as possible, as well as support if you get stuck. Let's go #MakeITRoar!

Get Started    

Agent Service Permissions

A more detailed discussion of how to configure the Roar Agent service to run as a Windows or Active Directory user.

A Roar Agent, whether in the cloud or installed on-premise, runs each Roar inspection. Most inspection jobs require some form of authentication to the target system - see our Permissions & Authentication document for more details.

For inspection jobs that authenticate via Active Directory directly - inspectors like Active Directory, Windows Server, and SQL Server - our best practice is to run the On-premise Roar Agent service itself as an Active Directory (or Windows) user from which it will derive its rights on the network.

Setup Process

Create Service Account

First, we will create an Active Directory (or local Windows, if appropriate) service account.

  • Create a user account called "RoarAgent" (or follow your preferred naming convention) in Active Directory.
  • Assign the account the appropriate permissions for the inspectors you wish to run.

🚧

User Permissions

We are in the process of documenting least-privileged permissions for each individual Inspector. As a best practice, before rolling out an Inspector, review each Inspector's documentation and set up permissions accordingly.

Specifically, please review these Inspector pages: Windows, Active Directory, SQL, and Hyper-V.

Roar generally requires at a minimum a global "read-only" permission for our inspections. The simplest way to accomplish this is to add the user, used by the Roar Agent, to the Domain Admins group.

If you wish to scope down the set of permissions for the Roar Agent's user, we, at minimum, need to have Remote Management capabilities for all servers on the network. Additional information on Remote Management is available from Microsoft's Documentation.

Install the Roar Agent

If not already completed, install the Roar Agent on the server in question by following our Agent Deployment instructions.

Configure the "Run As" User for the Roar Agent

  • On the server in question, go to the Services control panel (i.e., services.msc)
  • Right-click on the Roar Agent service and click Properties.
  • Navigate to the Log On tab and set the service to "Log on as this account" and fill in the "This account" details with the AD account created at the beginning of this article.
  • Restart the service and verify that the service starts successfully and shows the desired service account in the "Log On As" column.

You have now configured your Roar Agent to act as that user, and it will inherit the permissions to inspect both the local machine and other applications as services according to that user's permissions.

🚧

Password Change

If the password associated with the user that the Roar Agent is running as changes, the password will need to be updated by either editing the Properties of the service in the Windows Services Control Panel or updated via a script/RMM solution.

Last Updated: 2019-09-17

Updated 10 months ago


Agent Service Permissions


A more detailed discussion of how to configure the Roar Agent service to run as a Windows or Active Directory user.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.