Export (0) Print
Expand All

Configuring Client Security on a one-server topology

Published: December 16, 2009

Applies To: Forefront Client Security

To configure Client Security, you must run the Configuration wizard. The wizard runs automatically when you open the Client Security console for the first time.

To configure Client Security
  1. Using an account that has local administrator privileges, log on to the Client Security server.

  2. Open the Client Security console. (Click Start, point to All Programs, point to Microsoft Forefront, point to Client Security, and then click Microsoft Forefront Client Security Console.)

  3. If the Configuration wizard doesn't start automatically, click Configure on the Action menu.

  4. On the wizard's Before You Begin page, click Next.

  5. On the Collection Server and Database page, do the following:

    1. In the Collection server box, enter the name of the current computer (the default value).

    2. In the Collection database box, enter the name of the current computer (the default value) and the SQL Server instance, if necessary.

    3. In the Management group name box, enter the name of the management group you specified during the Setup wizard.

  6. On the Reporting Database page, do the following:

    1. In the Reporting database box, enter the name of the current computer (the default value) and, if necessary, the SQL Server instance.

    2. In the Reporting account box, enter the user name and password for the reporting account, and then click Next.

  7. On the Reporting Server page, do the following:

    1. In the Reporting server box, enter the name of the current computer (the default value).

    2. In the URL for Report Server and URL for Report Manager boxes, ensure the default values are entered, and then click Next.

  8. On the Verifying Settings and Requirements page, verify your system requirements, and then click Next. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

    • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (http://go.microsoft.com/fwlink/?LinkId=82466) in the Client Security Troubleshooting Guide.

    • Setup issues (http://go.microsoft.com/fwlink/?LinkId=82442) in the Client Security Troubleshooting Guide.

  9. On the Completing the Configuration Wizard page, verify that you have successfully configured Client Security, and then click Close. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

    • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (http://go.microsoft.com/fwlink/?LinkId=82466) in the Client Security Troubleshooting Guide.

    • Setup issues (http://go.microsoft.com/fwlink/?LinkId=82442) in the Client Security Troubleshooting Guide.

Grant the correct permissions for the service accounts

Before using Client Security, you must grant additional permissions to the service accounts.

To grant the correct permissions for the service accounts
  1. On the Client Security server, add the action account to the Administrators group.

  2. Grant the reporting account db_owner permissions on the SystemCenterReporting database.

  3. If you used different accounts for the DAS account and the action account, grant the action account db_owner permissions on the OnePoint database.

  4. If you used different accounts for the DAS account and the reporting account, grant the reporting account db_owner permissions on the OnePoint database.

  5. If Client Security server components are installed on a server that has User Account Control (UAC) enabled, you must manually add the DAS account to the MOM Administrators local group.

To grant permissions to SQL Server databases
  1. On the server with the appropriate database (OnePoint or SystemCenterReporting), start SQL Server Management Studio.

  2. In the console tree, expand Security.

  3. Right-click Logins, and then click New Login on the shortcut menu.

  4. In the Login dialog box, type the appropriate service account (domain\username) in the Login name box.

  5. Under Select a page, click User Mapping, and then in the Map column, select the check box for the appropriate database.

  6. In the Database role membership box, select the db_owner check box, and then click OK.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft