IMan Security Considerations
This section discusses the IMan security issues and the configuration IMan requires to function properly. Where non-default Windows permissions are required, the IMan Permissions Function configures the necessary local permissions.
Background
Due to the distributed nature of IMan, where the IMan services perform different but sometimes similar tasks, there is a strong requirement that all three services and the IIS Application Pool to which IMan is assigned run under the same or very similar security contexts.
A default IMan installation will install all three IMan services to run using the LocalSystem security context, and the IMan Application Pool to run under the context in which it was created.
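One way to check the requirement above on a server is to list the identity each component runs under and compare them. This is an added example, not part of the IMan documentation; the service name pattern `IMan*` and the application pool name `IMan` are assumptions and must be adjusted to match the actual installation.

```powershell
# Added example. Assumed names (not from the IMan documentation): adjust both.
$servicePattern = 'IMan*'   # assumed wildcard matching the three IMan services
$appPoolName    = 'IMan'    # assumed name of the IMan IIS Application Pool

Import-Module WebAdministration   # provides the IIS:\ drive; run elevated

function ConvertTo-NormalizedIdentity([string]$Name) {
    # Reduce built-in account spellings to one form so that
    # 'NT AUTHORITY\NetworkService' and 'NetworkService' compare equal.
    ($Name -replace '^NT AUTHORITY\\', '').ToUpperInvariant()
}

# Logon account of every service whose name or display name matches.
$rows = @(Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -like $servicePattern -or $_.DisplayName -like $servicePattern } |
    ForEach-Object {
        [pscustomobject]@{ Component = "Service: $($_.Name)"; Identity = $_.StartName }
    })

# Identity of the application pool, resolved from its process model.
$pm = (Get-Item "IIS:\AppPools\$appPoolName").processModel
$poolIdentity = switch ($pm.identityType) {
    'SpecificUser'            { $pm.userName }
    'ApplicationPoolIdentity' { "IIS AppPool\$appPoolName" }
    default                   { [string]$pm.identityType }  # LocalSystem, NetworkService, ...
}
$rows += [pscustomobject]@{ Component = "AppPool: $appPoolName"; Identity = $poolIdentity }

$rows | Format-Table -AutoSize

# Flag a mismatch: more than one distinct identity across the components.
$distinct = @($rows |
    ForEach-Object { ConvertTo-NormalizedIdentity $_.Identity } |
    Sort-Object -Unique)

if ($distinct.Count -gt 1) {
    Write-Warning "Components run under $($distinct.Count) different identities: $($distinct -join ', ')"
} else {
    Write-Output "All listed components run as $($distinct[0])."
}
```

The comparison is a plain string match after normalisation, so the same domain account written in two forms (for example `DOMAIN\user` and `user@domain`) is reported as a mismatch and should be checked by hand.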
When to Alter IMan Service & IIS AppPool Security
In broad terms the security context under which IMan runs will need to be changed should IMan require access to:
- Local File Resources where the Permissions have been explicitly set to remove access to LocalSystem and the IMan IIS Application Pool user account.
- ANY file resource located on a remote server.
- Applications using Windows or Active Directory based authentication.
See the following Security Consideration for Resources section for more detail.
IMan Permissions Function
Describes how to use the IMan Permission function.
Security Consideration for Resources
Describes the local and domain user considerations when using the Permissions function.
IMan Service & IIS AppPool Permissions
Describes the permissions needed by the four main components of IMan.
Local Machine Required Permissions
Describes the shared permissions required by different components of IMan.