GAPTHEGURU

Geek with special skills

Unable to edit the DCOM settings for IIS WAMREG admin service on a Windows Server 2008 R2 when trying to configure Kerberos Authentication for Role Centers

I came across an issue recently where we were configuring Enterprise Portal and Role Centers to use Kerberos authentication. One of the steps in the whitepaper (and also as given here http://technet.microsoft.com/en-us/library/ee355057.aspx) is to configure DCOM settings to grant the business connector proxy user account Launch and Activation permissions for the IIS WAMREG admin service package. We were able to do this successfully on a Windows Server 2003 R2/2008 system, however on a Windows Server 2008 R2 system the options are all greyed out/disabled in Component Services.

 This is by design. Due to new security considerations, some core system components only grant the local internal account, TrustedInstaller, Full Control permission instead of the local Administrators group.

To be able to modify the settings of IIS WAMREG admin service” on a Windows Server 2008 R2 system, you need to grant the local Administrators group permissions to its registry key as follows:

Registry information: Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.

 

1. Run Regedit.exe and browse to “HKEY_CLASSES_ROOT\AppID\{61738644-F196-11D0-9953-00C04FD919C1}” key.
2. Secondary-mouse click on the {61738644-F196-11D0-9953-00C04FD919C1} key and select Permissions
3. Click the Advanced button in the Permissions window and select the Owner tab. Under Change owner to select the local Administrators group and click on Apply, then OK.
4. Then under Permissions window, select the local Administrators group and under Permissions for Administrators select Full Control and click on Apply, then OK.
NOTE: DO NOT modify/change any permissions for the TrustedInstaller account.
5. Re-run the Component Services management console (dcomcnfg.exe) and you should now be able to modify the settings for IIS WAMREG admin service package.
7.Use the following steps to grant the AX Business Connector Proxy User account the Launch and Activation rights

a. Expand Component Services, expand Computers, expand My Computer, and expand DCOM Config.
b. Right-click IIS WAMREG admin Service, and then click Properties.
c. Click the Security tab.
d. Under Launch and Activation Permissions, click Edit.
e. Under Group or user names section, add the Business Connector Proxy User account, and select the user account
f. Under Permissions for the Business Connector Proxy User account, select the Local Launch and Local Activation checkboxes
g. Click OK and OK and close the Component Services management console.

REFERENCES:

The TrustedInstaller account was introduced with Windows Server 2008 – see http://technet.microsoft.com/en-us/library/cc731677(WS.10).aspx for more details.

Advertisements

12/13/2011 Posted by | Delegation, Kerberos, Security, Sql Server | , , | Leave a comment

Keyboard Shortcuts in SQL Query Analyzer

CTRL-SHIFT-F2         -- Clear all bookmarks.
CTRL+F2               -- Insert or remove a bookmark (toggle).  
F2                    -- Move to next bookmark.  
SHIFT+F2              -- Move to previous bookmark.  
ALT+BREAK             -- Cancel a query.  
CTRL+O                -- Connect.  
CTRL+F4               -- Disconnect.  
CTRL+F4               -- Disconnect and close child window.  
ALT+F1                -- Database object information.  
CTRL+SHIFT+DEL        -- Clear the active Editor pane.  
CTRL+SHIFT+C          -- Comment out code.  
CTRL+C or Ctrl+Insert -- Copy 
CTRL+X or Shift+Del   -- Cut 
SHIFT+TAB             -- Decrease indent.  
CTRL+DEL              -- Delete through the end of a line in the Editor pane.  
CTRL+F                -- Find.  
CTRL+G                -- Go to a line number.  
TAB                   -- Increase indent.  
CTRL+SHIFT+L          -- Make selection lowercase.  
CTRL+SHIFT+U          -- Make selection uppercase.  
CTRL+V or Shift+Insert -- Paste.  
CTRL+SHIFT+R          -- Remove comments.  
F3                    -- Repeat last search or find next.  
CTRL+H                -- Replace.  
CTRL+A                -- Select all.  
CTRL+Z                -- Undo.  
F5 or Ctrl + E        -- Execute a query.  
F1                    -- Help for Query Analyzer.  
SHIFT+F1              -- Help for the selected Transact-SQL statement.  
F6                    -- Switch between query and result panes.  
Shift+F6              -- Switch panes.  
CTRL+W                -- Window Selector.  
CTRL+N                -- New Query window.  
F8                    -- Object Browser (show/hide).  
F4                    -- Object Search.  
CTRL+F5               -- Parse the query and check syntax.  
CTRL+P                -- Print 
CTRL+D                -- Display results in grid format.  
CTRL+T                -- Display results in text format.  
CTRL+B                -- Move the splitter.  
CTRL+SHIFT+F          -- Save results to file.  
CTRL+R                -- Show Results pane (toggle). 
CTRL+S                -- Save 
CTRL+SHIFT+INSERT     -- Insert a template.  
CTRL+SHIFT+M          -- Replace template parameters.  
CTRL+L                -- Display estimated execution plan.  
CTRL+K                -- Display execution plan (toggle ON/OFF).  
CTRL+I                -- Index Tuning Wizard.  
CTRL+SHIFT+S          -- Show client statistics  
CTRL+SHIFT+T          -- Show server trace.  
CTRL+U                -- Use database

12/13/2011 Posted by | Sql Server | , | Leave a comment

   

%d bloggers like this: