Securing the reporting server

Applies To: Forefront Client Security

The reporting server runs the following applications:

  • MOM 2005 Reporting

  • SQL Server 2005 Reporting Services

  • Internet Information Services (IIS) 6.0

  • ASP.NET

Reporting user roles and permissions

To grant report-viewing permission, it is recommended that you use the predefined roles provided with SQL Server Reporting Services. When you assign users the Browser role, they can access the reports with Report Manager but cannot change settings in SQL Server Reporting Services. For information about assigning report-viewing permission to Client Security users, see Controlling report-viewing permission (https://go.microsoft.com/fwlink/?LinkId=86988).

For more information about predefined SQL Server Reporting Services roles, see Predefined Roles Overview (https://go.microsoft.com/fwlink/?LinkID=78988).

SSL security for connections to the reporting server

It is recommended that you configure the reporting server to use Secure Sockets Layer (SSL) to secure the following connections:

  • Management server to reporting server, for retrieval of reporting data displayed in the Client Security console

  • Client computer to reporting server, for viewing reports in Report Manager

To use SSL to protect Client Security reporting data

  1. On the reporting server, configure IIS to use SSL. For more information, see How to implement SSL in IIS (https://go.microsoft.com/fwlink/?LinkId=87011).

  2. Configure SQL Server Reporting Services to use SSL for encrypting reports. For more information about configuring SQL Server Reporting Services to use SSL, see Configuring a Report Server for Secure Sockets Layer (SSL) Connections (https://go.microsoft.com/fwlink/?LinkId=87009).

  3. Configure MOM 2005 Reporting to use SSL. For more information, see "MOM Reporting Installation Fails When Using SSL" in Troubleshoot MOM Reporting (https://go.microsoft.com/fwlink/?LinkId=87012).

  4. On the management server, run the Client Security Configuration wizard. To do so, open the Client Security console, and from the Action menu, click Configure. When prompted for reporting URLs, update the URL to use the correct, SSL-enabled URL. These should begin with https.

Service accounts for reporting

Client Security requires no additional or special requirements for the service account that runs SQL Server Reporting Services. It is recommended that you follow your organization's standards for securing service accounts.

For more information, see Securing service accounts.