
Configuring Client Security on a three-server topology

Published: December 16, 2009

Applies To: Forefront Client Security

To configure Client Security, you must run the Configuration wizard on the management, collection, and reporting server, and then you must grant additional permissions to the service accounts.

Configure Client Security on the management, collection, and reporting server

The Configuration wizard runs automatically when you open the Client Security console for the first time.

To configure Client Security
  1. Using an account that has local administrator privileges on all of the Client Security servers, log on to the management, collection, and reporting server.

  2. Open the Client Security console. (Click Start, point to All Programs, point to Microsoft Forefront, point to Client Security, and then click Microsoft Forefront Client Security Console.)

  3. If the Configuration wizard doesn't start automatically, click Configure on the Action menu.

  4. On the wizard's Before You Begin page, click Next.

  5. On the Collection Server and Database page, do the following:

    1. In the Collection server box, enter the name of the current computer (the default value).

    2. In the Collection database box, enter the name of the current computer (the default value) and the SQL Server instance, if necessary.

    3. In the Management group name box, enter the name of the management group you specified during the Setup wizard, and then click Next.

  6. On the Reporting Database page, do the following:

    1. In the Reporting database box, enter the reporting database server and, if necessary, the SQL Server instance. The default value is not correct for this topology.

    2. In the Reporting account box, enter the user name and password for the reporting account, and then click Next.

  7. On the Reporting Server page, do the following:

    1. In the Reporting server box, enter the name of the current computer (the default value).

    2. In the URL for Report Server and URL for Report Manager boxes, ensure the default values are entered, and then click Next.

  8. On the Verifying Settings and Requirements page, verify your system requirements, and then click Next. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

    • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (http://go.microsoft.com/fwlink/?LinkId=82466) in the Client Security Troubleshooting Guide.

    • Setup issues (http://go.microsoft.com/fwlink/?LinkId=82442) in the Client Security Troubleshooting Guide.

  9. On the Completing the Configuration Wizard page, verify that you have successfully configured Client Security, and then click Close. If you receive an error, you cannot continue configuring Client Security. If you receive a warning or error, see the following resources for more information:

    • Configuration log file. (To view, click View Log.) For more information about the configuration log file, see Overview of log files (http://go.microsoft.com/fwlink/?LinkId=82466) in the Client Security Troubleshooting Guide.

    • Setup issues (http://go.microsoft.com/fwlink/?LinkId=82442) in the Client Security Troubleshooting Guide.

Grant the correct permissions for the service accounts

Before using Client Security, you must grant additional permissions to the service accounts.

To grant the correct permissions for the service accounts
  1. On the management, collection, and reporting server, add the action account to the Administrators group.

  2. Grant the reporting account db_owner permissions on the SystemCenterReporting database on the reporting database server.

  3. If you used different accounts for the DAS account and the action account, grant the action account db_owner permissions on the OnePoint database on the management, collection, and reporting server.

  4. If you used different accounts for the DAS account and the reporting account, grant the reporting account db_owner permissions on the OnePoint database on the management, collection, and reporting server.

  5. If the collection server is installed on Windows Server 2008, and User Account Control (UAC) is enabled on that server, you must manually add the DAS account to the MOM Administrators local group.

To grant permissions to SQL Server databases
  1. On the server with the appropriate database (OnePoint or SystemCenterReporting), start SQL Server Management Studio.

  2. In the console tree, expand Security.

  3. Right-click Logins, and then click New Login on the shortcut menu.

  4. In the Login dialog box, type the appropriate service account (domain\username) in the Login name box.

  5. Under Select a page, click User Mapping, and then in the Map column, select the check box for the appropriate database.

  6. In the Database role membership box, select the db_owner check box, and then click OK.
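The SQL Server Management Studio steps above can also be written as a T-SQL script, followed by a query that lists every holder of db_owner so the grant can be reviewed. This is an added example, not part of the original Microsoft procedure; the account name CONTOSO\svc-fcs-reporting is a constructed placeholder, and the script assumes a Windows domain account and a client (SSMS or sqlcmd) that understands the GO batch separator.

```sql
-- Added example: scripted equivalent of the SSMS steps above.
-- CONTOSO\svc-fcs-reporting is a placeholder; substitute the real
-- service account (domain\username) before running.

-- Steps 3-4: create the server login for the Windows account if missing.
USE [master];
IF NOT EXISTS (SELECT 1 FROM sys.server_principals
               WHERE name = N'CONTOSO\svc-fcs-reporting')
    CREATE LOGIN [CONTOSO\svc-fcs-reporting] FROM WINDOWS;
GO

-- Step 5: map the login to a user in the target database.
-- Use [OnePoint] instead where the procedure calls for that database.
USE [SystemCenterReporting];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals
               WHERE name = N'CONTOSO\svc-fcs-reporting')
    CREATE USER [CONTOSO\svc-fcs-reporting]
        FOR LOGIN [CONTOSO\svc-fcs-reporting];

-- Step 6: add the user to the db_owner fixed database role.
EXEC sp_addrolemember N'db_owner', N'CONTOSO\svc-fcs-reporting';
GO

-- Review: list every member of db_owner in the current database,
-- with the state of the matching server login (NULL if none matches).
SELECT m.name        AS member_name,
       m.type_desc   AS member_type,
       sp.is_disabled AS login_disabled
FROM sys.database_role_members AS drm
JOIN sys.database_principals  AS r
     ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals  AS m
     ON m.principal_id = drm.member_principal_id
LEFT JOIN sys.server_principals AS sp
     ON sp.sid = m.sid
WHERE r.name = N'db_owner'
ORDER BY m.name;
```

Run it once for each database the steps above name for the account, changing the USE target accordingly. Because db_owner gives full control of the database, the review query should return only the accounts this procedure calls for plus any owners you already expect.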

© 2014 Microsoft. All rights reserved.