During installation of the Management Portal, the installer checks that the Management Portal Service Account is a member of the Local Administrators group on the system. In some instances, the following error may be displayed even if this account is a member of the Local Administrators group:
"The specified user account for management portal service account is not a member of the Local Administrators group on the system where the management portal is deployed. Do you want to add the user account as a member of the Local Administrators group to proceed?" After clicking 'Yes', the process may appear to continue; however, the Management Portal may not function correctly.
You may also see the following error when attempting to set the service account in the Defender Management Portal:
Error: "Unable to modify the file security for the reports configuration file (C:\Program Files\One Identity\Defender\Management Portal\WWW\Areas\Reports\Generators\cred.at). Please ensure the System Service Account has read access."
1. Ensure that the account used for the Management Portal Service Account is a member of the Local Administrators group on the system where the Management Portal is being installed.
2. Verify that there are no orphaned or incorrect objects in the Local Administrators group (or in groups that are members of the Local Administrators group), e.g. entries that show only a SID (e.g. S-1-5-21-1234567890...).
3. If the above is not successful, consider testing with the Local Administrators as the only member of the Local Administrators group, or testing with a Domain Administrator account as the Management Portal service account.
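
The checks in steps 1 and 2 can be scripted. The following PowerShell is an added example, not One Identity's own tooling: it lists the direct members of the local Administrators group, flags entries whose SID no longer resolves to a name, and reports whether the service account is a direct member. The account name `EXAMPLE\svc-mgmtportal` is a placeholder, and membership through nested domain groups is not expanded.

```powershell
# Placeholder (assumption): replace with your Management Portal service account.
$ServiceAccount = 'EXAMPLE\svc-mgmtportal'

# Resolve the built-in Administrators group from its well-known SID (S-1-5-32-544)
# so the script also works on systems where the group name is localized.
$adminSid  = [System.Security.Principal.SecurityIdentifier]::new('S-1-5-32-544')
$groupName = $adminSid.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[-1]

# Enumerate members through the ADSI WinNT provider and read each member's SID.
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/$groupName,group"
$members = @(foreach ($m in $group.Invoke('Members')) {
    $t        = $m.GetType()
    $sidBytes = [byte[]]$t.InvokeMember('objectSid', 'GetProperty', $null, $m, $null)
    $sid      = [System.Security.Principal.SecurityIdentifier]::new($sidBytes, 0)
    try {
        # A SID that maps to an account or group translates to DOMAIN\name.
        $name       = $sid.Translate([System.Security.Principal.NTAccount]).Value
        $unresolved = $false
    } catch {
        # No name mapping: the entry shows only as a SID (orphaned or unreachable domain).
        $name       = $sid.Value
        $unresolved = $true
    }
    [pscustomobject]@{
        Name       = $name
        Sid        = $sid.Value
        Class      = $t.InvokeMember('Class', 'GetProperty', $null, $m, $null)
        Unresolved = $unresolved
    }
})
$members | Format-Table -AutoSize

# Step 2: report entries that appear only as a SID.
$orphans = @($members | Where-Object Unresolved)
if ($orphans) { "Unresolved SID entries found: $($orphans.Sid -join ', ')" }
else          { 'No unresolved SID entries in the group.' }

# Step 1: compare by SID, not by name, to avoid display-name mismatches.
try {
    $svcSid = [System.Security.Principal.NTAccount]::new($ServiceAccount).
        Translate([System.Security.Principal.SecurityIdentifier]).Value
    if ($members.Sid -contains $svcSid) { "$ServiceAccount is a direct member of $groupName." }
    else { "$ServiceAccount is NOT a direct member of $groupName (check nested groups)." }
} catch {
    "Could not resolve $ServiceAccount to a SID; verify the account name and domain connectivity."
}
```

Run it from an elevated PowerShell session on the server where the Management Portal is being installed.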