Using Windows Authentication in a Single Computer Deployment

You might want to deploy Commerce Server on a single computer, for example, if you are a developer building a site.

The deployment scenario explained in this topic is:

  • Internet Information Services (IIS) and the SQL Server databases (the Administration database and the Commerce Server site databases) are installed on the same computer.

  • SQL Server is configured for Mixed Mode authentication (Windows Authentication and SQL Server Authentication).

  • Commerce Server is configured for Windows Authentication.

    Users who connect to Business Desk and a Commerce Server site using a Windows user account can make use of trusted connections (connections validated by Windows). The users are identified by their Windows login ID and do not have to enter a separate SQL Server login ID.

To set up a Commerce Server site for trusted connections

  1. Create an Active Directory domain. For instructions, see Step 1: Configure Active Directory and DNS on Computer 1.

  2. Create a user account on the Active Directory domain so anonymous users can access SQL Server.

  3. Change the IUSR_<computer> account in IIS to the anonymous account created in Step 2.

  4. For the IWAM_<computer> account, assign the SQL Server db_owner role for the Commerce Server site database (not the MSCS_Admin database).

  5. When you install the Commerce Server services (Direct Mailer, Predictor, and List Manager), specify a Windows account(s) that has access to SQL Server.

    Commerce Server Setup automatically grants the logon as a service right to the account(s) you specify.

For information about the service accounts, see Securing Service Accounts.

For instructions about changing a service account or password, see Changing a Service Account or Password.

You do not need to do the following:

  • Grant trusted delegation to the domain logons
  • Change the security policies
  • Modify COM+ roles

Copyright © 2005 Microsoft Corporation.
All rights reserved.