Security During RMS Setup

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To install and configure RMS, Setup uses the credentials of the logged-on user. The administrator who performs the installation procedure must therefore log on with a domain user account that is a member of the local Administrators group.

During the installation procedure, the Windows Installer service is started. This service inherits the user token of its parent. Later, if post-process custom actions exist, the Windows Installer uses the identity of the logged-on user. This occurs regardless of whether the process is started from within a browser or from the command line.

RMS Setup performs the following tasks:

  • Copies files to the C:\Program Files\RMS folder. This folder typically allows both Administrators and Power Users to gain access to it. You can configure the drive and file location during Setup.

  • Creates the provisioning Web site (the RMS Administration Web site), by default on port 5720. This Web site points to the installed files.

  • Creates an application pool, WMCSProvisioningAppPool, and associates it with the RMS Administration Web site. The service account that is used by this application pool is the Network Services service account.

  • Installs performance counters.

  • Grants the RMS Service Group Read and Write permissions to the following registry key:

    On computers running the 32-bit version of Windows Server 2003:

    HKEY_LOCAL_MACHINE\Software\Microsoft\DRMS\1.0

    On computers running the 64-bit version of Windows Server 2003:

    HKEY_LOCAL_MACHINE\Software\WOW6432Node\Microsoft\DRMS\1.0
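
A read-only check of the access-control results described above, as an added example that is not part of the original page: it lists every Allow entry that grants write access on the install folder and on the DRMS registry key, so you can confirm who can modify the RMS files and settings after Setup. It assumes Windows PowerShell is installed on the server and that the default paths named above are in use; Get-WriteAce is a hypothetical helper name.

```powershell
# Added audit example, not Microsoft's code. Paths are the defaults named on this page.
$targets = @(
    'C:\Program Files\RMS',                          # default install folder; adjust if changed during Setup
    'HKLM:\Software\Microsoft\DRMS\1.0',             # 32-bit Windows Server 2003
    'HKLM:\Software\WOW6432Node\Microsoft\DRMS\1.0'  # 64-bit Windows Server 2003
)

# Generic write / generic all bits, which Get-Acl can report unmapped on some ACEs.
$genericWriteOrAll = 0x40000000 -bor 0x10000000

function Get-WriteAce {
    param([string]$Path)

    # A path that does not exist on this host is skipped.
    if (-not (Test-Path -Path $Path)) { return }

    foreach ($ace in (Get-Acl -Path $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }

        # File ACEs expose FileSystemRights; registry ACEs expose RegistryRights.
        if ($ace -is [System.Security.AccessControl.FileSystemAccessRule]) {
            $rights    = $ace.FileSystemRights
            $writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
        } else {
            $rights    = $ace.RegistryRights
            $writeMask = [int][System.Security.AccessControl.RegistryRights]'SetValue, CreateSubKey'
        }

        # Report only entries that allow some form of modification.
        if (([int]$rights -band ($writeMask -bor $genericWriteOrAll)) -ne 0) {
            $ace | Select-Object @{n='Path';e={$Path}}, IdentityReference,
                                 @{n='Rights';e={$rights}}, IsInherited
        }
    }
}

$targets | ForEach-Object { Get-WriteAce -Path $_ } | Format-Table -AutoSize -Wrap
```

On the registry key, the RMS Service Group should appear among the writers; on the folder, any writer other than the groups you expect is worth reviewing.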