Question & Answer
Question
What should the registry and folder security settings be for IDM Web Services?
Cause
Implementation of company security policies on the server may leave IDM Web Services with insufficient permissions to run properly. The following is a list of security settings that will give adequate permissions for IDM Web Services.
This list is designed to serve as a starting point and checklist for creating a security policy for the server. Ultimately, it is up to the customer to determine what security settings they will implement.
Answer
Windows Registry Settings
Use regedit.exe to modify the Windows Registry security. When setting these values, be sure that Allow inheritable permissions from parent to propagate to this object is checked.
- HKEY_CLASSES_ROOT (Unified Logon only)
- HKEY_LOCAL_MACHINE\Software\FileNET
- HKEY_LOCAL_MACHINE\Software\ODBC
- HKEY_USERS\.DEFAULT\Software\FileNET
- HKEY_Current_User\Software\Filenet
- Everyone = Full Control
- Everyone = Full Control
- Everyone = Full Control
- Everyone = Read Access
- Everyone = Full Control
NTFS Folder Settings
- \Program Files\FileNET and all subfolders except those listed below
- \Program Files\FileNet\Shared\DATA_SS
- \Program Files\FileNET\IDM\Cache
- \Program Files\FileNET\IDM\LocalDb
- \Program Files\Common Files and all subfolders
- Windows (or WINNT)
- Windows\system32 (or WINNT\system32) and all subfolders
- InetPub and all subfolders
- C:\Temp directory
- Check the Windows registry for the WAL_ROOT setting providing the location where Image Services Toolkit is installed.
- IUSR_<machine_name> = Read Access
Administrators = Full Control
System = Full Control
Authenticated Users = Read Access (Unified Logon only)
- IUSR_<machine_name> = Full Control
Administrators = Full Control
System = Full Control
Authenticated Users = Full Control (Unified Logon only)
- IUSR_<machine_name> = Full Control
Administrators = Full Control
System = Full Control
Authenticated Users = Full Control (Unified Logon only)
- IUSR_<machine_name> = Full Control
Administrators = Full Control
System = Full Control
Authenticated Users = Full Control (Unified Logon only)
- IUSR_<machine_name> = Read Access
Administrators = Full Control
System = Full Control
Authenticated Users = Read Access (Unified Logon only)
- Administrators = Full Control
System = Full Control
Authenticated Users = Read & Execute Access (Unified Logon only)
- IUSR_<machine_name> = Read & Execute Access
Administrators = Full Control
System = Full Control
CREATOR OWNER = Full Control
Authenticated Users = Read & Execute Access (Unified Logon only)
- IUSR_<machine_name> = Read Access
Administrators = Full Control
System = Full Control
Authenticated Users = Read Access (Unified Logon only)
- IUSR_<machine_name> = Full Control
Administrators = Full Control
System = Full Control
Authenticated Users = Full Control (Unified Logon only)
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FileNET\WAL\CurrentVersion
IUSR_<machine_name> = Full Control
Administrators = Full Control
System = Full Control
Authenticated Users = Full Control (Unified Logon only)
Historical Number
10003902
Product Synonym
WEB SERVICES
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21275023