Академический Документы
Профессиональный Документы
Культура Документы
g it to Local System) The reason for setting all of these file permissions is that these accounts read/write/and delete files from the FileTransfer folder as part of how the HFM Web application works.
Under Local Users and Groups (execute lusrmgr.msc from the run prompt) Assign the user GOLDBAR\hypadmin to the Distributed COM Users group. This needs to be set explicitly even though GOLDBAR\hypadmin is in the Local Administrators group and I noticed that this was not setup on the servers. Verify that the GOLDBAR\hypadmin account is in the Local Administrators group on each server.
Under Local Policy (execute secpol.msc from the run prompt) Assign the user GOLDBAR\hypadmin the following rights: 1. 2. 3. 4. Act as Part of Operating System Bypass Traverse Checking Log on as Batch Job Allow Logon Locally
Only a subset of these rights are currently assigned on the servers and all four of these should be set on each of the servers listed above.
1. DCOM Security Considerations verify the following:
45
Under DCOM Configuration (execute dcomcnfg from the run prompt) Under Component Services > My Computer, right-click on > Properties On the tab Default Properties: 1. Verify Enable Distributed COM on this computer is checked 2. Default Authentication level should be None 3. Default Impersonation Level should be Identify
46
Verify that the users Everyone, Anonymous Logon, Interactive, and System have been added and given Allow for Local and Remote Access. There may be a lot of other users/groups already listed here as well. 2. Repeat the process for Edit Default
Verify that the users Everyone, Anonymous Logon, Interactive, and System have been added and given Allow for Local and Remote Access. There may be a lot of other users/groups already listed here as well.
47
Verify that the users Everyone, Anonymous Logon, Interactive, and System have been added and given Allow for Local and Remote Access. There may be a lot of other users/groups already listed here as well. 2. Repeat the process for Edit Default
Verify that the users Everyone, Anonymous Logon, Interactive, and System have been added and given Allow for
48
Local and Remote Access. There may be a lot of other users/groups already listed here as well.
2. DCOM Application Considerations verify the following:
Under DCOM Configuration (execute dcomcnfg from the run prompt) Under Component Services > My Computer > DCOM Config For each of the DCOM applications (Note not all of these applications are on each server) do the following: HsvDataSource HsxServer HfmServer HfmService Right-click on the DCOM application and select properties.
49
1. 2. 3. 4.
Select the Identity Tab: Select This User Input the DCOM user GOLDBAR\hypadmin Click on apply
50
Add the users Everyone, Anonymous Logon, Interactive, and System to Launch and Activation Permissions and give them the following rights:
Add the users Everyone, Anonymous Logon, Interactive, and System to Access Permissions and give them the following rights:
Add the users Everyone, Anonymous Logon, Interactive, and System to Configuration Permissions and give them the following rights (except for special they dont need it and probably cannot select it anyway):
51