Com+ security configurations on both Servers (Windows server 2003 R2)
Prepared by:
Tom
Date:
2008-06-4
Introduction:
Customer requires more security system to running CAS application. And the Microsoft company system software windows server 2003 is meeting customer’s requirement. But more security means more fussy configurations. So we should provide some documents to showing the steps.
This document introduces how to configure com+ security both on CAS server (Windows server 2003 R2).
Basic configure document after installed CAS.
If CAS Application and Presentation were installed on different Windows2003 Server, com+ security configure must be consider, other way CAS would be report “Access is Denied” or “Permission Denied” error.
Two methods configure com+.
1.
The com+ security setting steps with the two servers belong to the same domain;(
Recommend)
COM+ security configuration on CAS Presentation server (PS) steps.
Add CAS PS to a domain. For example “TomDNS”.
COM+ security configuration on CAS Application server (AP) steps.
⑴
Add CAS AP to a domain. The domain is same with PS. For example “TOMDNS”.
⑵
Login CAS AP with administrator (Local account) or a domain account.
⑶
Open “Windows Components Wizard”, be sure selected the checkbox “Enable Network COM+ access” .
⑷
Open “Component Services”, Right click “
”, properties.
Launch and activation Permissions: Click button “Edit Limits…”, change “Everyone” permissions .
⑸
Reset two servers to check it again.
2.
The com+ security setting steps with the two servers not belong to the same workgroup;
COM+ security configuration on CAS Presentation server (PS) steps.
Using default setting as basic configure document.
COM+ security configuration on CAS Application server (AP) steps.
⑴
Open “Windows Components Wizard”, be sure selected the checkbox “Enable Network COM+ access” .
⑵
Open “Component Services”, Right click “
”, properties.
Access Permissions: Click button “Edit Default” to edit the com+ access permission users. Add “Everyone” and “NETWORK” or “
ANONYMOUS”.
Launch and activation Permissions: Click button “Edit Default”, add “Everyone” and “NETWORK” or “
ANONYMOUS”.
Launch and activation Permissions: Click button “Edit Limits…”, change “Everyone” permissions .
⑶
MSDTC security configures.
Open “Component Services”, right click “My Computer”, select Properties, select the tab “MSDTC”, Click button “Security configuration”.
Configure MSDTC security.
⑷
Open “Component Services”, right click “My Computer”, select Properties, select the tab “Default Properties”, the “Default Authentication Level” setting to “None”;
⑸
Right click “Com+ Applications”->”X Products Core”, select menu “Properties”. Setting “Authentication Level for Calls” to “None”.
⑹
Enable user “Guest” .
Note: If you also meet error “Access is denied”, change two servers administrator password to the same password.
⑺
Reset two servers to check it again.