DAC Installation

Owned by Glenn Huang (Unlicensed)
Last updated: Mar 22, 2023 by Matt Wilkinson

DAC can normally be installed without administrator access to the default location on a Microsoft Windows server platform. The application does need write access to the installation directory and its sub-directories.

Prerequisites for the DAC Agent

Installing the DAC Client involves:

1. Downloading the Installer (Windows Only)

2. Changing the Permissions for Network Service

3. Change the RDP Server Certificate path

A. Private Key - NETWORK SERVICE Permissions

The Remote Desktop Host Services runs under the NETWORK SERVICE account. Therefore, you have to set the system access control list (SACL) of the key file that is used by RDS to include NETWORK SERVICE together with the "Read" permissions.

To change the permissions, follow these Windows Server-specific steps on the Certificates snap-in for the local computer:

Step

Screenshot

Step

Screenshot

Click Start, click Run, type mmc.exe, and then click OK.

 

On the File menu, click Add/Remove Snap-in.

In the Add or Remove Snap-ins dialog box, on the Available snap-ins list, click Certificates, and then click Add.

In the Certificates snap-in dialog box, click Computer account, and then click Next.

In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.

In the Add or Remove Snap-ins dialog box, click OK.

In the Certificates snap-in, on the console tree, expand Certificates (Local Computer), expand Personal, and then select the SSL certificate that you want to use.

Right-click the certificate, select All Tasks, and then select Manage Private Keys.

In the Permissions dialog box, click Add. In the Select Users or Groups dialog, in the Enter the Object Names to select type ‘NETWORK SERVICE’, and click Check Names to validate the entry, and click OK to add the User. Then, you will see the NETWORK SERVICE.

Check to ensure the Read permission for Network Service is checked to Allow checkbox, and then click OK.

While here double-click at the Certificate click on details, scroll down, and extract the Thumbprint of the certificate.

 

B. Change RDP Server Certificate

Set the RDP Server Certificate with the hash/thumbprint of the certificate that you extracted in the prior step.

Step

Screenshot

Step

Screenshot

Click Start, click Run, type

wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting Set SSLCertificateSHA1Hash="THUMBPRINT OF CERTIFICATE"

 

 

 

 

 

Can't find what you're looking for? Send an E-mail to support@apica.io