Example C: Using a local account to authenticate the RSCM Server

Scenario: A new IT security policy prohibits you from using domain accounts as service accounts. You need to modify the RSCM Service configuration to use a local account to authenticate. When you do this you must move your data to a file system that is local for your RSCM Server.

Procedure

You have the following two options:

  • Option 1: Use the local system account to authenticate the service.



    Note that for added security you can un-check the ‘Allow service to interact with the desktop’ option. Un-checking this prevents processes started by this account from becoming visible on the logged on desktop. For example, if the iCDBNetLauncher process spawns a window on the desktop, the user logged in to that session will not be able to take control of that window and issue commands as that user. The iCDBNetLauncher and iCDBNetServer processes do not spawn any windows, but the most secure option is to un-check this option.

  • Option 2: Create a new local account on your computer to authenticate the service.



    If you use a local account you must give specific access to the share and folders to either the local Users built in group or to the new account since you cannot add a local account to a domain group.

    Note:

    You cannot create a local account on a computer that serves a domain controller. In that case, only Option 1 will work.

Parent Topic: Examples of RSCM Server Configurations for Windows