Step 11 - Grant FCI Machine Account Read and Execute Permissions

Applies To: Windows Server 2008, Windows Server 2008 R2

This step explains how to grant the FCI machine account read and execute permissions to the ServerCertification.asmx page. This is required because it allows the AD RMS Bulk Protection Tool to run under the local system account on the FCI server.

To add the Read & Execute permissions for the FCI machine account on ServerCertification.asmx

1. Log on to ADRMS.fabrikam.com Server as Administrator

2. Click Start, select Computer, double-click Local Disk (C:), double-click inetpub, double-click wwwroot, double-click _wmcs, double-click certification, right-click ServerCertification.asmx and select Properties. This will bring up the ServerCertification.asmx Properties.

3. On the ServerCertification.asmx properties, select the Security tab, and then click Edit. This will bring up the Permissions for ServerCertification.asmx.

4. On the Permissions for ServerCertification.asmx screen, click Add. This will bring up the Select Users, Computers, or Groups screen.

5. On the Select Users, Computers, or Groups screen, to the right, click the Object Types… button. This will bring up the Object Types screen.

6. On the Object Types screen, place a check in Computers and click Ok. This will close the Object Types screen.

7. On the Select Users, Computers, or Groups screen, under Enter the object names to select, enter fabrikam\FCI and click Check Names. This should resolve with an underline. Click Ok.

8. On the Permissions for ServerCertification.asmx screen, select the newly added fabrikam\FCI$ and verify it has a check in Read & execute. Click Apply Click Ok. This will close the Permissions for ServerCertification.asmx screen.

9. On the ServerCertification.asmx properties, click Ok. This will close the ServerCertification.asmx properties.