IBM Support

Windows registry and folder security settings for IBM FileNet IDM Web Services

Question & Answer


Question

What should the registry and folder security settings be for IDM Web Services?

Cause

Implementation of company security policies on the server may leave IDM Web Services with insufficient permissions to run properly. The following is a list of security settings that will give adequate permissions for IDM Web Services.

This list is designed to serve as a starting point and checklist for creating a security policy for the server. Ultimately, it is up to the customer to determine what security settings they will implement.

Answer

Windows Registry Settings

Use regedit.exe to modify the Windows Registry security. When setting these values, be sure that "Allow inheritable permissions from parent to propagate to this object" is checked.

  • HKEY_CLASSES_ROOT (Unified Logon only)
    • Everyone = Full Control
  • HKEY_LOCAL_MACHINE\Software\FileNET
    • Everyone = Full Control
  • HKEY_LOCAL_MACHINE\Software\ODBC
    • Everyone = Full Control
  • HKEY_USERS\.DEFAULT\Software\FileNET
    • Everyone = Read Access
  • HKEY_CURRENT_USER\Software\Filenet
    • Everyone = Full Control

NTFS Folder Settings

  • \Program Files\FileNET and all subfolders except those listed below
    • IUSR_<machine_name> = Read Access
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Read Access (Unified Logon only)
  • \Program Files\FileNet\Shared\DATA_SS
    • IUSR_<machine_name> = Full Control
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Full Control (Unified Logon only)
  • \Program Files\FileNET\IDM\Cache
    • IUSR_<machine_name> = Full Control
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Full Control (Unified Logon only)
  • \Program Files\FileNET\IDM\LocalDb
    • IUSR_<machine_name> = Full Control
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Full Control (Unified Logon only)
  • \Program Files\Common Files and all subfolders
    • IUSR_<machine_name> = Read Access
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Read Access (Unified Logon only)
  • Windows (or WINNT)
    • Administrators = Full Control
      System = Full Control
      Authenticated Users = Read & Execute Access (Unified Logon only)
  • Windows\system32 (or WINNT\system32) and all subfolders
    • IUSR_<machine_name> = Read & Execute Access
      Administrators = Full Control
      System = Full Control
      CREATOR OWNER = Full Control
      Authenticated Users = Read & Execute Access (Unified Logon only)
  • InetPub and all subfolders
    • IUSR_<machine_name> = Read Access
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Read Access (Unified Logon only)
  • C:\Temp directory
    • IUSR_<machine_name> = Full Control
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Full Control (Unified Logon only)
  • Check the Windows registry for the WAL_ROOT setting, which provides the location where Image Services Toolkit is installed.
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\FileNET\WAL\CurrentVersion
      IUSR_<machine_name> = Full Control
      Administrators = Full Control
      System = Full Control
      Authenticated Users = Full Control (Unified Logon only)
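
One way to check a server against this checklist, as an added PowerShell example (not IBM code): it reads the current ACLs with Get-Acl and reports whether each listed account holds at least the listed right. It covers the entries that apply without Unified Logon and assumes the default Program Files location and English account names; the function name Test-ChecklistEntry is hypothetical.

```powershell
# Added audit example, not IBM code. Run elevated on the IDM Web Services server.
$iusr = "IUSR_$env:COMPUTERNAME"   # IUSR_<machine_name>; change if IIS uses another anonymous account
$pf   = $env:ProgramFiles          # assumption: FileNET sits under the default Program Files folder

# Path, account, minimum right, copied from the checklist (entries that apply without Unified Logon).
$checklist = @(
    @('Registry::HKEY_LOCAL_MACHINE\Software\FileNET',  'Everyone', 'FullControl'),
    @('Registry::HKEY_LOCAL_MACHINE\Software\ODBC',     'Everyone', 'FullControl'),
    @('Registry::HKEY_USERS\.DEFAULT\Software\FileNET', 'Everyone', 'ReadKey'),
    @("$pf\FileNET",                $iusr, 'Read'),
    @("$pf\FileNET\Shared\DATA_SS", $iusr, 'FullControl'),
    @("$pf\FileNET\IDM\Cache",      $iusr, 'FullControl'),
    @("$pf\FileNET\IDM\LocalDb",    $iusr, 'FullControl'),
    @("$pf\Common Files",           $iusr, 'Read'),
    @("$env:SystemRoot\system32",   $iusr, 'ReadAndExecute'),
    @('C:\Temp',                    $iusr, 'FullControl')
)

function Test-ChecklistEntry {
    param([string]$Path, [string]$Account, [string]$Right)
    $isReg = $Path -like 'Registry::*'
    $type  = if ($isReg) { [System.Security.AccessControl.RegistryRights] } else { [System.Security.AccessControl.FileSystemRights] }
    $want  = [int][enum]::Parse($type, $Right)
    $have  = 0
    $found = Test-Path -LiteralPath $Path
    if ($found) {
        # Allow ACEs that apply to the object itself; match the name after DOMAIN\ (English account names assumed).
        $aces = (Get-Acl -LiteralPath $Path).Access | Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.PropagationFlags -notmatch 'InheritOnly' -and
            ($_.IdentityReference.Value -split '\\')[-1] -eq $Account
        }
        foreach ($ace in $aces) {
            $rights = if ($isReg) { $ace.RegistryRights } else { $ace.FileSystemRights }
            $have = $have -bor [int]$rights
        }
    }
    [pscustomobject]@{
        Path     = $Path
        Account  = $Account
        Expected = $Right
        Granted  = if ($found) { [enum]::ToObject($type, $have) } else { 'path not found' }
        Matches  = $found -and (($have -band $want) -eq $want)
    }
}

$checklist | ForEach-Object { Test-ChecklistEntry -Path $_[0] -Account $_[1] -Right $_[2] } |
    Format-Table -AutoSize
```

Only Allow entries granted directly to the named account are counted; rights that reach the account through group membership and any Deny entries are not evaluated.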

Product: FileNet IDM Desktop/WEB Services/Open Client. Component: WEB Services. Platform: Windows. Versions: 4.0.0; 3.3; 4.0; 4.0.1; 4.0.2. Business Unit: Cloud & Data Platform. Line of Business: Automation.

Historical Number

10003902

Product Synonym

WEB SERVICES

Document Information

Modified date:
17 June 2018

UID

swg21275023