Microsoft Identity Integration Server 2003 graphic

Change the Microsoft Identity Integration Server 2003 service account

For this procedure, you can change the Microsoft Identity Integration Server 2003 service account used by Microsoft Identity Integration Server 2003. You can also add this account to several local group policies, increasing security. To complete this procedure, you must be logged on as a member of the MIISAdmins security group.


To change the Microsoft Identity Integration Server 2003 service account

On a stand-alone server

  1. Back up the encryption key set by running Miiskmu.exe.
  2. Click Start, point to Administrative Tools, and then click Computer Management.
  3. Double click Local Users and Computers, right click Users, and then click New User.
  4. Type the user information and password.
  5. Clear the User must change password at next logon check box, and then click Create.
  6. Click Start, point to Programs, click Administrative Tools, and then click Local Security Policy.
  7. Double click Local Policies, and then click User Rights Assignment.
  8. Double click Deny logon locally, and then click Add user or group.
  9. In Enter the object names to select, type the account name created in step 4.
  10. Repeat steps 8 and 9 by adding this account to Deny access to this computer from the network, Deny logon as a batch job, and Deny log on through Terminal Services.
  11. Run Setup from the Microsoft Identity Integration Server 2003 installation CD in maintenance mode and change the Microsoft Identity Integration Server 2003 service account credentials from the old account to the new one. During the setup process, you are prompted for the encryption key set.

On a domain controller

  1. Back up the encryption key set by running Miiskmu.exe.
  2. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.
  3. Under the root domain, right-click Users, point to New, and then click User.
  4. Type the user information, and then click Next.
  5. Type the password, and then click Next.
  6. Click Finish.
  7. Click Start, point to Programs, click Administrative Tools, and then click Local Security Policy.
  8. Double click Local Policies, and then click User Rights Assignment.
  9. Double click Deny access to this computer from the network, and then click Add user or group.
  10. In Enter the object names to select, type the account name created in step 4.
  11. Repeat steps 9 and 10 by adding this account to Deny logon as a batch job, and Deny log on through Terminal Services.
  12. Run setup from the Microsoft Identity Integration Server 2003 installation CD in maintenance mode and change the Microsoft Identity Integration Server 2003 service account credentials from the old account to the new one. During the setup process, you are prompted for the encryption key set.

Important

Note

Related Topics

*

MIISkmu: Encryption key management tool

*

Best practices for security

*

Using security groups