Installing IBM Security Guardium Key Lifecycle Manager as a domain (Active Directory) user on a domain-managed Windows system

You can install IBM® Security Guardium® Key Lifecycle Manager as a domain (Active Directory) user on a domain-managed Windows system.

Prerequisites for a domain installation

If the user installing IBM Security Guardium Key Lifecycle Manager is a domain user, ensure that the user is added to the local administrators group.

If you plan to use a domain user as the Db2® administrator user, ensure that the user is added to the local administrators group.

By default, Db2 creates two groups locally, DB2ADMNS and DB2USERS, and adds the Db2 administrator user to the DB2ADMNS group.

(Optional) If you want to add the Db2 administrator user to the Active Directory groups, then follow these steps:
  1. Create the required domain groups in the Active Directory: DB2ADMNS, DB2USERS.
  2. Add the Db2 database user to the domain groups that you created in step 1.
  3. Create the sklmInstall.properties file in the %TEMP% directory and add the following properties:
    ADD_USER_TO_DOMAIN_GROUPS=yes
DB2_USERSGROUP_NAME=DB2USERS
DB2_ADMINGROUP_NAME=DB2ADMNS
DB2_ADMINGROUP_DOMAIN=DomainName
DB2_USERSGROUP_DOMAIN=DomainName
    Table 1. Description of properties
    Property Description
    ADD_USER_TO_DOMAIN_GROUPS Specify yes to indicate that the Db2 administrator user must be added to domain groups. Possible values:
    • yes
    • no
    DB2_USERSGROUP_NAME Specify DB2USERS as the name of the domain user group to which you want to add the Db2 administrator.

    Ensure that the DB2USERS user group exists.
    DB2_ADMINGROUP_NAME Specify DB2ADMNS as the name of the domain administrator group to which you want to add the Db2 administrator.

    Ensure that the DB2ADMNS administrator group exists.
    DB2_ADMINGROUP_DOMAIN Specify the name of the domain of the administrator group.
    DB2_USERSGROUP_DOMAIN Specify the name of the domain of the user group.
    Note: Ensure that you specify the same value that you provide for the DB2_ADMINGROUP_DOMAIN property.

Installing on a domain system

Instructions to install on a domain system are similar to installing on a stand-alone system. For more information, see Installing IBM Security Guardium Key Lifecycle Manager.