Securing the reporting server
Published: December 16, 2009
Applies To: Forefront Client Security
The reporting server runs the following applications:
MOM 2005 Reporting
SQL Server 2005 Reporting Services
Internet Information Services (IIS) 6.0
Reporting user roles and permissions
To grant report-viewing permission, it is recommended that you use the predefined roles provided with SQL Server Reporting Services. When you assign users the Browser role, they can access the reports with Report Manager but cannot change settings in SQL Server Reporting Services. For information about assigning report-viewing permission to Client Security users, see Controlling report-viewing permission (http://go.microsoft.com/fwlink/?LinkId=86988).
For more information about predefined SQL Server Reporting Services roles, see Predefined Roles Overview (http://go.microsoft.com/fwlink/?LinkID=78988).
SSL security for connections to the reporting server
It is recommended that you configure the reporting server to use Secure Sockets Layer (SSL) to secure the following connections:
Management server to reporting server, for retrieval of reporting data displayed in the Client Security console
Client computer to reporting server, for viewing reports in Report Manager
On the reporting server, configure IIS to use SSL. For more information, see How to implement SSL in IIS (http://go.microsoft.com/fwlink/?LinkId=87011).
Configure SQL Server Reporting Services to use SSL for encrypting reports. For more information about configuring SQL Server Reporting Services to use SSL, see Configuring a Report Server for Secure Sockets Layer (SSL) Connections (http://go.microsoft.com/fwlink/?LinkId=87009).
Configure MOM 2005 Reporting to use SSL. For more information, see "MOM Reporting Installation Fails When Using SSL" in Troubleshoot MOM Reporting (http://go.microsoft.com/fwlink/?LinkId=87012).
On the management server, run the Client Security Configuration wizard. To do so, open the Client Security console, and from the Action menu, click Configure. When prompted for reporting URLs, update the URL to use the correct, SSL-enabled URL. These should begin with
Service accounts for reporting
Client Security requires no additional or special requirements for the service account that runs SQL Server Reporting Services. It is recommended that you follow your organization's standards for securing service accounts.
For more information, see Securing service accounts.