Configuring permissions and groups (Windows Server domain controller)

If Microsoft Windows Server is a domain controller, you must complete these tasks to configure users and groups to access IBM® InfoSphere® Information Server. This configuration is required only for the engine tier computer and is only applicable to the users of the operating system where the engine tier components are installed.

Procedure

Because you cannot add the built-in authenticated users group to a group that you create in steps 3 and 2, you might prefer to skip steps 3 and 2 and use the authenticated users group directly.

  1. Log in to Microsoft Windows Server as an administrator.
  2. Create a group.
    1. Click Start > Control Panel > Administrative Tools > Active Directory and Computers.
    2. In the Active Directory and Computers window, click Users in the current domain.
    3. In the window that opens, click Action > New Group.
    4. In the New Group window, type DataStage as the name for the group.
    5. Leave Group scope as Global and Group type as Security.
    6. Click OK
  3. Configure the server to allow local users and the DataStage group to log in.
    1. Click Start > Control Panel > Administrative Tools > Domain Security Policy.
    2. In the Domain Security Policy window, expand Local Policies > User Rights Assignment to display the policies.
    3. In the Domain Security window, click the Allow log on Locally policy, and click Actions > Properties.
    4. In the Allow log on Locally Properties window, click Add User or Group.
    5. Click Browse.
    6. In the Select Users, Computers, or Groups window, click Advanced and then click Find Now.
    7. In the search results, click Authenticated Users and DataStage, and then click OK three times to return to the Domain Security Policy window.
    8. In the Domain Security window, click the Log on as a Batch Job policy, and click Actions > Properties.
    9. In the Log on as a Batch Job window, click Add User or Group.
    10. Click Browse.
    11. In the Select Users, Computers, or Groups window, click Advanced and then click Find Now.
    12. In the search results, click DataStage and click OK three times to return to the Domain Security Policy window.
    13. Close the Domain Security Policy window.
  4. Add users to the group.
    1. In the Users in the current domain window, click the name of the group that you want to add users to (DataStage), and click OK. Authenticated users are not available.
    2. Click Action > Properties.
    3. In the Properties window, click the Members tab, and then click Add.
    4. In the window that opens, click Advanced, and then click Find Now.
    5. Click the names of users that you want to add to the group, and then click OK. Authenticated users are not available.
    6. Click OK two times to save your results and to return to the Active Directory and Computers window.
    7. Close the Active Directory and Computers window.
  5. Set permissions for the following folders:
    • C:\IBM\InformationServer\Server
    • C:\Program Files\MKS Toolkit\fifos
    • C:\Windows\%TEMP%
    • C:\tmp

    Complete the following steps for each of the listed folders.

    1. Select the folder and click File > Properties.
    2. In the Properties window, click the Security tab, and click Edit.
    3. In the Permissions window, click Add.
    4. In the Select Users, Computers, or Groups window, click Locations.
    5. In the window that opens, click Advanced, and then click Find Now.
    6. Click the name of the group that you want to set permissions for (DataStage).
    7. Click OK twice.
    8. In the Permissions list, select to allow Modify, Read & execute, List folder contents, Read, and Write Permissions. Click OK.
    9. If you receive a message to confirm your changes, confirm by clicking Apply changes to this folder, subfolders and files.