FIM 2010 R2: BHOLD Core root account is used for BHOLD FIM Integration
This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Forefront Identity Manager 2010 R2 Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).
Product |
Forefront Identity Manager 2010 R2 |
Feature |
BHOLD |
Operating System |
Windows Server 2008 R2 |
Severity |
Error |
Category |
Configuration |
Issue
The BHOLD Core root account is also being used by BHOLD FIM Integration to connect to FIM or BHOLD Core.
The BHOLD Core root account is also being used as the service account in BHOLD FIM Integration. By default, the BHOLD Core root account is the account of the user who installed BHOLD Core.
Impact
Using the BHOLD Core root account in BHOLD FIM Integration introduces the risk of rights elevation, compromising the security of FIM and BHOLD.
Resolution
Create a separate account for use by BHOLD FIM Integration and then reinstall BHOLD FIM Integration.
After creating and configuring the BHOLD FIM Integration service account, you must uninstall BHOLD FIM Integration and then reinstall it, specifying the new account.
To uninstall BHOLD FIM Integration
On the BHOLD FIM Integration server, click Start, click Control Panel, and then under Programs, click Uninstall a program.
Right-click Microsoft BHOLD Suite - FIM Integration, click Uninstall, and then click Yes.
To install BHOLD FIM Integration, follow the instructions in BHOLD FIM Integration Installation (https://technet.microsoft.com/en-us/library/jj134093(v=ws.10)), noting the requirements for the accounts specified in Connect to Forefront and Connect to BHOLD Core.
Additional references
For more information, see Microsoft BHOLD Suite Installation Guide (https://technet.microsoft.com/en-us/library/jj134107(v=ws.10)).