- Contents
PureConnect Installation and Configuration Guide
DCOM Security Limits
In order for the CIC server's DCOM components to function correctly and in a secure manner, Windows' DCOM security permissions must be modified to include the domain accounts of all CIC users. An example of a CIC server DCOM process is the IC Authentication Service. If the DCOM permissions are not set correctly, CIC client authentication will fail and users must enter their CIC user and password when they log in to the CIC client, for example, Interaction Desktop.
Select the level of security needed for your site. The recommended level of security is to allow authenticated users.
Allow Everyone
(Not recommended, least security). This option adds all rights to the Everyone group. If a Windows Domain (NT Authenticated Users) group exists, it will be removed. This option should be used only in small environments that do not have the option to perform NT Authentication.
Allow Authenticated Users
(Recommended, medium security) This option adds all rights to the Windows Domain (NT Authenticated Users) group and removes remote launch/activate from the Everyone group. This is the default selection.
Add pre-configured group(s) containing all IC users' domain accounts
(Highest security) For a tighter level of security, you can add pre-configured Active Directory User group(s) or Local User group(s) (for example, workgroups). Setting up an Active Directory User group conforms to the Microsoft method of administering permissions based on Active Directory groupings. This option adds all rights to the specified groups, restores the Everyone group back to the defaults and removes the Windows Domain (NT Authenticated) Users group if it exists.
Groups
You may have already created the group(s) as a pre-installation procedure described in "CIC server". If you have not done so, do so now. Follow standard Windows procedures for Active Directory or Local User group(s.)
Enter the group(s). Separate multiple groups with commas. IC Setup Assistant will perform a validation check with Active Directory before setting the group(s).