Multi-domain with one-way trust, Setup with one-way trust – Milestone XProtect Advanced VMS 2014 User Manual


Milestone XProtect® Advanced VMS 2014 Administrator's Manual

www.milestonesys.com


Feature configuration

Multi-domain with one-way trust

Setup with one-way trust

If you run your system in a multi-domain environment, you can configure this setup with one-way trust.
The system is installed on the trusting domain and users log in from trusting and trusted domains.

1. Create a service account in the trusted domain. You can name it whatever you want, for example, svcMilestone.

2. Add the new service account to the following local Windows user groups on the server running the system, in the trusting domain:

   o Administrators
   o IIS_IUSRS (Windows Server 2008, necessary for Internet Information Services (IIS) Application Pools)
   o IIS_WPG (Windows Server 2003, necessary for IIS Application Pools).

3. Make sure that the service account has system administrator rights on your SQL Database or SQL Server Express, either directly or through the BUILTIN\Administrators group.

4. Set the identity of the ManagementServerAppPool Application Pool in the IIS to the service account.

5. Reboot the server to make sure that all group membership and permission changes take effect.
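
An added example, not part of the Milestone manual: a read-only PowerShell check that steps 2 and 4 are in place on the management server. It assumes an elevated prompt and IIS 7 or later with the WebAdministration module; TRUSTED\svcMilestone is a placeholder account name, and the IIS_WPG group of Windows Server 2003 is not covered.

```powershell
# Added example, not from the Milestone manual. Read-only check of steps 2 and 4.
# Assumptions: elevated prompt on the management server, IIS 7 or later with the
# WebAdministration module; TRUSTED\svcMilestone is a placeholder account name.
param(
    [string]$ServiceAccount = 'TRUSTED\svcMilestone',
    [string]$AppPool        = 'ManagementServerAppPool',
    [string[]]$Groups       = @('Administrators', 'IIS_IUSRS')
)

Import-Module WebAdministration -ErrorAction Stop

function Test-LocalGroupMember {
    param([string]$Group, [string]$Account)
    # net.exe is used because it exists on every Windows Server version;
    # domain accounts are listed one per line as DOMAIN\name.
    $lines = & net.exe localgroup $Group 2>$null
    if ($LASTEXITCODE -ne 0) { return $false }   # group missing on this server
    foreach ($line in $lines) {
        if ($line.Trim() -ieq $Account) { return $true }
    }
    return $false
}

$report = @()

# Step 2: the service account must be in each required local group.
foreach ($group in $Groups) {
    $report += New-Object PSObject -Property @{
        Check = "Step 2: $ServiceAccount in local group $group"
        Pass  = (Test-LocalGroupMember -Group $group -Account $ServiceAccount)
    }
}

# Step 4: the application pool must run as the service account.
# The comparison is textual, so enter the account in the form IIS stores it.
$pm = (Get-Item "IIS:\AppPools\$AppPool" -ErrorAction Stop).processModel
$report += New-Object PSObject -Property @{
    Check = "Step 4: $AppPool runs as $ServiceAccount (found '$($pm.userName)')"
    Pass  = (($pm.identityType -eq 'SpecificUser') -and ($pm.userName -ieq $ServiceAccount))
}

$report | Select-Object Check, Pass | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled task or deployment script react.
if ($report | Where-Object { -not $_.Pass }) { exit 1 }
```

Run it again after the reboot in step 5. The SQL Server rights from step 3 are not checked here.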

Important: To add trusted domain users to new or existing XProtect system roles, log in to Windows
as a trusted domain user. Next, launch the Management Client and log in as a user of either the
trusting domain or the trusted domain. If you log in to Windows as a trusting domain user, you are
asked for credentials for the trusted domain in order to browse for users.

Example illustration of multi-domain environments with one-way trust.

Legend:

1. One-way outgoing domain trust
2. MyDomain.local
3. OtherDomain.edu
4. Trusting domain user
5. Management server
6. Milestone service account
7. Trusted domain user
