Overview

Forensic Tools allows you to install FTK/Lab/Enterprise so that it can be run by users who do not have administrator access to the local machine.  However, there are some special requirements to be able to create cases, process evidence, and export data in this type of configuration.

 

Note: This only allows the FTK/Lab/Enterprise interface to be run by users without Administrator permissions. The background services still require an account with local Administrator permissions.

 

Prerequisites

  • A service account with machine administrator permissions

 

Procedure

    1. While installing Forensic Tools, at the Setup Type dialog, check Install product with NO Administrator rights when running.
    2. Make sure all services are set to use the service account credentials.
    3. Instead of installing a local Processing Engine, install and configure a Distributed Processing Manager and at least one Distributed Processing Engine (make sure to use the service account credentials).
    4. While installing the Distributed Processing Manager, set the Processing State folder location to a folder that the service account has full control of, like "C:\AccessData\PM".
    5. While installing the Distributed Processing Engine(s), set the Processing Temporary folder location to a folder that the service account has full control of, like "C:\AccessData\ADTemp".
    6. After installation, but before opening any products, make sure the service account and any Windows/domain accounts that will be running FTK/Lab/Enterprise have full permissions to the following folders:
      - "%ProgramData%\AccessData" and all subfolders and files
      - Any folders/shares used for case, evidence, and export storage
    7. Launch FTK/Lab/Enterprise as Administrator. This is required for the first run.
    8. Set up and initialize the database.
    9. Check that all users have full read/write access to the temp location for FTK/Lab/Enterprise, found in the 'Tools > Preferences' menu.
    10. At this point FTK/Lab/Enterprise can be run under "Standard" Windows accounts.
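
The folder permissions from steps 4 to 6 can be checked before the first launch with a short PowerShell audit. This is an added example, not part of the vendor's procedure; the account names and the D:\Cases path are placeholders to replace with your own, and the check only matches access entries that name the account directly (access granted through group membership is not resolved).

```powershell
# Added example: audit the folder permissions required by steps 4-6.
# Placeholders (assumptions, not from the article): account names and D:\Cases.
$Accounts = @('CONTOSO\svc-ftk', 'CONTOSO\examiner1')
$Folders  = @(
    (Join-Path $env:ProgramData 'AccessData'),   # step 6
    'C:\AccessData\PM',                          # step 4 example path
    'C:\AccessData\ADTemp',                      # step 5 example path
    'D:\Cases'                                   # case/evidence/export storage
)

function Test-FullControl {
    param([string]$Path, [string]$Account)
    $full = [System.Security.AccessControl.FileSystemRights]::FullControl
    $both = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $rules = @((Get-Acl -LiteralPath $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Account })
    # A Deny entry overrides any Allow, so treat it as a failure.
    if ($rules | Where-Object { $_.AccessControlType -eq 'Deny' }) { return $false }
    # Require an Allow/FullControl entry that applies to the folder itself
    # and propagates to all subfolders and files.
    $ok = $rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.FileSystemRights.HasFlag($full) -and
        $_.InheritanceFlags.HasFlag($both) -and
        $_.PropagationFlags -eq 'None'
    }
    return [bool]$ok
}

$report = foreach ($folder in $Folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        [pscustomobject]@{ Folder = $folder; Account = '-'; Result = 'MISSING FOLDER' }
        continue
    }
    foreach ($account in $Accounts) {
        $result = if (Test-FullControl $folder $account) { 'OK' } else { 'NO FULL CONTROL' }
        [pscustomobject]@{ Folder = $folder; Account = $account; Result = $result }
    }
    # Children with inheritance disabled will not pick up the parent's entry.
    Get-ChildItem -LiteralPath $folder -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { (Get-Acl -LiteralPath $_.FullName).AreAccessRulesProtected } |
        ForEach-Object {
            [pscustomobject]@{ Folder = $_.FullName; Account = '-'; Result = 'INHERITANCE DISABLED' }
        }
}
$report | Format-Table -AutoSize
```

Run it from an elevated prompt so every ACL can be read. The recursive pass can take a while on large case or evidence stores.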