Installing the software prerequisites on the collection server for a four-server topology

Published: December 16, 2009

Applies To: Forefront Client Security

The collection server has one prerequisite: SQL Server with SP2 or SP1. Before installing the prerequisite, verify that the server meets the hardware and operating system requirements and that you have installed all critical computer and security updates. As part of the updates, make sure that you have Windows Update Agent 2.0 or later. Windows Update Agent automatically updates itself to the latest versions when you download updates from Microsoft.

In addition, you must enable network COM+ access and grant permissions to the SQL Server Agent account that runs on the reporting server.

Install SQL Server 2005 with SP2 or SP1

To use an existing installation of SQL Server, when running the Client Security Setup wizard, provide the server location. You still must use SQL Server 2005 with SP2 or SP1. In addition, the existing installation must not have a OnePoint database. (This is created for the collection server as part of the Client Security installation.)

About installing SQL Server 2005 on the collection server
  • For detailed information about installing SQL Server 2005, see SQL Server 2005 Books Online (http://go.microsoft.com/fwlink/?LinkId=77422).

  • When installing SQL Server 2005, you must do the following:

    • Install Database Services and Workstation components. (On the Components to Install page, select the following check boxes: SQL Server Database Services and Workstation components.)

    • Use a domain user or network service account for the SQL Server and SQL Server Agent service accounts. It is recommended that you use a domain user account. (On the Service Account page of the wizard, click Domain user account.)

    • Have the SQL Server Agent service start automatically. (On the Service Account page, under Start services at the end of setup, select the SQL Server Agent check box.)

    • Use collation that is not case-sensitive. (On the Collation Settings page of the wizard, choose an option that is not case-sensitive.)

  • When installing SQL Server 2005, you should use Windows Authentication as the security mode. Windows Authentication mode is much more secure than mixed mode. (On the Authentication Mode page, select Windows Authentication Mode.)

To install SP2 or SP1 for SQL Server 2005
  • Do one of the following:

    • Download and install SP2 for SQL Server 2005 from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkID=84823).

    • Download and install SP1 for SQL Server 2005 from the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=77417).

Change the location for data and log files

After installing SQL Server 2005, you can change the location for SQL Server data and log files.

To change the location for data and log files
  1. Open SQL Server Management Studio. (On the Start menu, click All Programs, click Microsoft SQL Server 2005, and then click SQL Server Management Studio.)

  2. In the Connect to Server dialog box, click Connect.

  3. Right-click the root server name node, and then click Properties.

  4. In the Server Properties dialog box, under Select a page, click Database Settings.

  5. In Database default locations, enter the locations you want to use for the data and log files, and then click OK.

Enable network COM+ access

To enable network COM+ access
  1. In Control Panel, click Add or Remove Programs.

  2. In the Add or Remove Programs dialog box, click Add/Remove Windows Components.

  3. In the Windows Components Wizard, select the Application Server, and then click Details.

  4. In the Application Server dialog box, select Enable network COM+ access.

Grant permissions to the SQL Server Agent account

You must give permissions for the account under which the SQL Server Agent runs (on the reporting database) to the collection server. By doing so, you will enable the SQL Server Agent account for the reporting database to access the collection database.

To determine what account the SQL Server Agent runs under
  • On the reporting server, open the Services console, double-click SQL Server Agent (MSSQLSERVER), and then click the Log On tab.

To grant permissions to the account
  • On the collection server, add the computer account for the reporting server (if the SQL Server Agent runs under the local system), or the domain account that the agent runs under, to the following group: SQLServer2005MSSQLUser $computername$ MSSQLSERVER

    noteNote:
    To add a computer to a group, you must enable the object first. When adding the computer to the group, click Object Type in the Select Users, Computers, or Groups dialog box, and then select the Computers check box in the Object Types dialog box.

Show: