Security During RMS Setup
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To install and configure RMS, Setup uses the credentials of the logged-on user. For this reason, the administrator who performs the installation procedure must log on with a domain user account that is also a member of the local Administrators group.
During the installation procedure, the Windows Installer service is started. This service inherits its parent user token. Later, if post-process custom actions exist, the Windows Installer uses the identity of the logged-on user. This occurs regardless of whether the process is started from within a browser or from the command line.
RMS Setup performs the following tasks:
Copies files to the C:\Program Files\RMS folder. This folder typically allows both Administrators and Power Users to gain access to it. You can configure the drive and file location during Setup.
Creates the provisioning Web site (the RMS Administration Web site), by default on port 5720. This Web site points to the installed files.
Creates an application pool, WMCSProvisioningAppPool, and associates it with the RMS Administration Web site. The service account that is used by this application pool is the Network Services service account.
Installs performance counters.
Grants the RMS Service Group Read and Write permissions to the following registry key:
On computers running the 32-bit version of Windows Server 2003:
HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0
On computers running the 64-bit version of Windows Server 2003:
HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\DRMS\1.0
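To review the result of these tasks after Setup, the following read-only script lists every identity that holds write access to the installation folder and the DRMS registry key. It is an added example, not part of the original documentation or of RMS itself. It assumes Windows PowerShell 2.0 or later is installed on the server, and the $Expected list and the Get-WriteAce function name are illustrative choices to adjust for your environment.

```powershell
# Added example: list identities allowed to write to the locations that
# RMS Setup populates, and mark the ones that are not on an expected list.
$InstallDir = 'C:\Program Files\RMS'   # default; change if Setup used another path
$Targets = @(
    $InstallDir,
    'HKLM:\Software\Microsoft\DRMS\1.0',             # 32-bit Windows Server 2003
    'HKLM:\Software\WOW6432Node\Microsoft\DRMS\1.0'  # 64-bit Windows Server 2003
)

# Assumption: writers considered acceptable (wildcards allowed). Tune per site.
$Expected = @('BUILTIN\Administrators', 'BUILTIN\Power Users',
              'NT AUTHORITY\SYSTEM', 'CREATOR OWNER', '*RMS Service Group')

# Bits 0x2 and 0x4 are WriteData/AppendData for files and SetValue/CreateSubKey
# for registry keys. GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000)
# are included because Get-Acl can return them unmapped on inherit-only ACEs.
$WriteMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function Get-WriteAce {
    param([string]$Path)
    if (-not (Test-Path -Path $Path)) { return }   # e.g. WOW6432Node on 32-bit
    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($ace -is [System.Security.AccessControl.RegistryAccessRule]) {
            $rights = $ace.RegistryRights
        } else {
            $rights = $ace.FileSystemRights
        }
        if (([int]$rights -band $WriteMask) -eq 0) { continue }   # no write bits

        $id = $ace.IdentityReference.Value
        $known = $false
        foreach ($pattern in $Expected) {
            if ($id -like $pattern) { $known = $true }
        }
        New-Object PSObject -Property @{
            Path      = $Path
            Identity  = $id
            Rights    = $rights
            Inherited = $ace.IsInherited
            Expected  = $known
        }
    }
}

$Targets | ForEach-Object { Get-WriteAce $_ } |
    Select-Object Path, Identity, Rights, Inherited, Expected |
    Format-Table -AutoSize
```

Rows with Expected set to False are the ones to investigate, since write access to these locations affects files served by the RMS Administration Web site and the RMS configuration stored in the registry.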