> For the complete documentation index, see [llms.txt](https://docs.devolutions.net/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.devolutions.net/server/knowledge-base/knowledge-base-articles/pre-deployment-account-survey.md).

# Pre-deployment account survey

A Devolutions Server instance requires several accounts to run its various services. Instances support Active Directory domain accounts or SQL accounts paired with local service accounts to run its services.

{% hint style="info" %}
The account names in this topic are only suggestions.
{% endhint %}

<figure><img src="https://cdnweb.devolutions.net/docs/DVLS0002_2025_2.png" alt=""><figcaption></figcaption></figure>

{% tabs %}
{% tab title="Windows" %}

### Windows domain accounts (integrated authentication) <a href="#windows-domain-accounts-integrated-authentication" id="windows-domain-accounts-integrated-authentication"></a>

Devolutions Server supports the use of integrated authentication for Windows accounts. Typically, these accounts are managed in on-premise Active Directory environments or cloud-hosted Azure Entra ID.

{% hint style="success" %}
It is recommended to use separate accounts for the different roles.
{% endhint %}

<table><thead><tr><th width="160"></th><th width="96"></th><th width="228"></th><th></th></tr></thead><tbody><tr><td>ACCOUNT</td><td>TYPE</td><td>PURPOSE</td><td>REQUIREMENTS</td></tr><tr><td><strong>DVLS_Owner</strong></td><td>Active Directory or local Windows</td><td><p>A local administrative Windows account must exist on the Devolutions Server host system to properly install and administer it (via the Devolutions Server Console application).</p><p>Used to launch the Devolutions Server Console application to install a Devolutions Server instance.</p></td><td><ul><li>An interactive local administrator Windows group member on the Devolutions Server host system.</li><li><p>Microsoft SQL Server</p><ul><li>Server Role: <code>dbcreator</code></li><li>Securable: <code>Alter any login</code>, <code>Control Server</code></li><li>Database: <code>dbowner</code></li></ul></li></ul><p><br>Click <a href="https://docs.devolutions.net/server/kb/knowledge-base/control-server-dvls-owner/">here </a>to learn why <code>Control Server</code> is required, when it is used, and how to avoid granting it.</p></td></tr><tr><td><strong>DVLS_Runner</strong></td><td>Active Directory</td><td><p>The account is assigned to the IIS application pool running the Devolutions Server instance and is assigned the least privileges upon installation of the instance.</p><p>After installing the application, the configuration must be performed directly on the IIS application pool. Once the pool has been configured, the Devolutions Server Console should be used to assign the least privileges required for the user.</p><p><a href="https://docs.devolutions.net/server/kb/how-to-articles/configure-gmsa-account/">gMSA accounts are supported.</a></p></td><td>It requires <code>Log on as a service</code> permission in the Local Security Policy (<strong>secpol.msc</strong>) – <em><strong>Local Policies</strong></em> – <em><strong>User Rights Assignment</strong></em>.<br><br>Make sure to disable any GPO that could overwrite this configuration.</td></tr><tr><td><strong>DVLS_Scheduler</strong></td><td>Active Directory</td><td><p>This account is required to run background tasks within a Devolutions Server instance, like the <a href="https://docs.devolutions.net/server/kb/knowledge-base/scheduler-service-general-information/">Scheduler service</a>, and is assigned the least privileges upon installation of the instance.</p><p>Configured within the Devolutions Server Console during an instance installation.</p><p><a href="https://docs.devolutions.net/server/kb/how-to-articles/configure-gmsa-account/">gMSA accounts are supported.</a></p></td><td>It requires <code>Log on as a service</code> permission in the Local Security Policy (<strong>secpol.msc</strong>) – <em><strong>Local Policies</strong></em> – <em><strong>User Rights Assignment</strong></em>.<br><br>Make sure to disable any GPO that could overwrite this configuration.</td></tr><tr><td><strong>DVLS_ADAuth</strong></td><td>Active Directory</td><td>An optional account that is only required if Windows authentication is enabled for a Devolutions Server instance. Once it is installed, you may configure available authentication methods in the web UI under <em><strong>Administration</strong></em> – <em><strong>Configuration</strong></em> – <em><strong>Server settings</strong></em> – <em><strong>Authentication</strong></em>.</td><td><p>A read-only access in the given organizational unit (OU) within Active Directory, where the Devolutions Server users are stored.</p><p>It must be an AD user.</p></td></tr></tbody></table>

### Windows SQL accounts <a href="#windows-sql-accounts" id="windows-sql-accounts"></a>

Devolutions Server supports SQL logins for non-domain joined Windows computers, or if non-domain accounts are to be used. It is recommended that you use separate accounts for the different roles.

{% hint style="success" %}
It is recommended to use separate accounts for the different roles.
{% endhint %}

<table data-header-hidden><thead><tr><th width="156"></th><th width="96"></th><th width="267"></th><th></th></tr></thead><tbody><tr><td>ACCOUNT</td><td>TYPE</td><td>PURPOSE</td><td>REQUIREMENTS</td></tr><tr><td><strong>Local administrator account</strong></td><td>Local Windows</td><td><p>A local administrative Windows account must exist on the Devolutions Server host system to properly install and administer it (via the Devolutions Server Console application).</p><p>Used to launch the Devolutions Server Console application to install a Devolutions Server instance.</p></td><td>An interactive local administrator Windows group member on the Devolutions Server host system.</td></tr><tr><td><strong>DVLS_Owner</strong></td><td>SQL Login</td><td>An SQL Login account with rights to create a database and assign the necessary permissions to the new Devolutions Server instance.</td><td><p>Microsoft SQL Server</p><ul><li>Server Role: <code>dbcreator</code></li><li>Securable: <code>Alter any login</code>, <code>Control Server</code></li><li>Database: <code>dbowner</code></li></ul><p>Click <a href="https://docs.devolutions.net/server/kb/knowledge-base/control-server-dvls-owner/">here </a>to learn why <code>Control Server</code> is required, when it is used, and how to avoid granting it.</p></td></tr><tr><td><strong>DVLS_Runner</strong></td><td>SQL Login</td><td>The IIS application pool runs as the Windows local <code>Network Service</code> account using the SQL Login within a stored SQL connection string.</td><td></td></tr><tr><td><strong>DVLS_Scheduler</strong></td><td>SQL Login</td><td><p>This account is required to run background tasks within a Devolutions Server instance, like the <a href="https://docs.devolutions.net/server/kb/knowledge-base/scheduler-service-general-information/">Scheduler service</a>, and is assigned the least privileges upon installation of the instance.</p><p>The Windows Service runs as the Windows <code>Local Service</code> account using the SQL Login within a stored SQL connection string.</p></td><td></td></tr><tr><td><strong>DVLS_ADAuth</strong></td><td>Active Directory</td><td>An optional account that is only required if Windows authentication is enabled for a Devolutions Server instance. Once it is installed, you may configure available authentication methods in the web UI under <em><strong>Administration</strong></em> – <em><strong>Configuration</strong></em> – <em><strong>Server settings</strong></em> – <em><strong>Authentication</strong></em>.</td><td>A read-only access in the given organizational unit (OU) within Active Directory, where the Devolutions Server users are stored.</td></tr></tbody></table>
{% endtab %}

{% tab title="Linux" %}

### Linux SQL accounts <a href="#linux-sql-accounts" id="linux-sql-accounts"></a>

Devolutions Server for Linux does not require the same number of accounts as a Windows instance. It runs as a Kestrel application with a self-contained scheduler. Therefore, a single Linux user is required to run a Devolutions Server instance.

{% hint style="success" %}
It is recommended to use separate accounts for the different roles.
{% endhint %}

<table data-header-hidden><thead><tr><th width="136"></th><th width="96"></th><th width="264"></th><th></th></tr></thead><tbody><tr><td><strong>ACCOUNT</strong></td><td><strong>TYPE</strong></td><td><strong>PURPOSE</strong></td><td><strong>REQUIREMENTS</strong></td></tr><tr><td><strong>DVLS_Owner</strong></td><td>Linux User</td><td>A sudo-enabled account is required to run the installation scripts to install a Devolutions Server instance.</td><td></td></tr><tr><td><strong>DVLS_Runner</strong></td><td>Linux User</td><td>The Linux account is assigned to the running Devolutions Server instance controlled by a SystemD unit file.</td><td></td></tr><tr><td><strong>DVLS_ADAuth</strong></td><td>Active Directory</td><td>An optional account that is only required if Windows authentication is enabled for a Devolutions Server instance. Once it is installed, you may configure available authentication methods in the web UI under <em><strong>Administration</strong></em> – <em><strong>Configuration</strong></em> – <em><strong>Server settings</strong></em> – <em><strong>Authentication</strong></em>.</td><td>A read-only access in the given organizational unit (OU) within Active Directory, where the Devolutions Server users are stored.</td></tr></tbody></table>
{% endtab %}
{% endtabs %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.devolutions.net/server/knowledge-base/knowledge-base-articles/pre-deployment-account-survey.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.