5. IIS Process Model

This setting determines the Windows Account that will receive permissions to the Vault Service physical directory, selected in Step 4. By default this is C:\Inetpub\wwwroot\VaultService. You must choose the account under which IIS runs ASP (asp.net_wp.exe) processes on your server machine, which is usually Machine\ASPNET or NT AUTHORITY\NETWORK SERVICE.

Use a different account if the ASPNET user is not running the asp.net process. For more information about determining the IIS process model, click here.

If you want Vault to connect to SQL Server through Windows Authentication, the account selected for the IIS process model will be granted access to the database. For instance, if you select the Machine\ASPNET login, Machine\ASPNET will be granted a login to SQL Server and the Machine\ASPNET user will be added to the sgvault database, with the role of public and db_owner.

If you want to connect to SQL Server through SQL Server Authentication, the Vault Server installation will create an 'sgvaultuser' SQL Server login account, which will be used by Vault to connect to the database. See Step 6 for details.

Directory access for the IIS Process Model account

For Vault to work, the account selected in this screen needs access to certain directories. During the installation, the Vault installer will request that read/write access be granted to the following folders:

• the local directory containing the server installation files (by default, InetPub\wwwroot\VaultService).
  
• the directory where the log files are written (by default, WINNT\Temp). The log file location can be changed after installation, in the Vault Admin Tool under Server Options.
  
• the IIS process account's %userprofile%\Application Data \Microsoft\Crypto\RSA\MachineKeys or to %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys if the IIS process account does not have a user profile.
  
• the Vault Shadow Folder directory.
  
• Windows\Microsoft.NET\Framework\<version>\Temporary ASP.NET Files.

There are three choices for the IIS Process model:

Note: Vault 3.5.x supports Active Directory authentication. When users authenticate against Active Directory, their domain password will be used when logging into Vault instead of a Vault password. For users to authenticate against Active Directory, the Vault Server must be installed using a Custom Account for the IIS Process model (option "C," below). After installation, enter the domain name of the Active Directory domain in the Server Options tab of the Vault Admin Tool.

A. The MachineName\ASPNET account (IIS 5.0) or NT AUTHORITY\NETWORK SERVICE account (IIS 6.0)

The IIS ProcessModel account is created during the installation of the Microsoft .Net Framework. Before using this account, verify that you have an ASPNET account on the server machine. (Windows 2003 uses NT AUTHORITY\NETWORK SERVICE).

Examples

On Windows XP or Windows 2000 (IIS 5):

On Windows 2003 Server (IIS 6):

B. The System Account, Domain/Machinename$

Use the System account when Microsoft .Net is set up to run as SYSTEM in the process model, rather than the ASP.Net Machine account.

C. Custom Account

Use a custom account when SQL Server is located on a different machine than the Vault Server, and you want to use Windows Authentication to connect to SQL Server. You should use an account which is accessible by both machines - specifically a domain account - DOMAIN\USER. You must also use a custom account if you want Vault users to authenticate against Active Directory.

You can use an existing Windows account or create a new account.

After you have configured Vault to match the IIS process model, click Next to continue.

Next page

• product features

• screen shot gallery

• documentation

• support forum

• downloads

• demo

• pricing

• Buy Now!