Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By : Kent Nordstrom
Book Image

Microsoft Forefront Identity Manager 2010 R2 Handbook

By: Kent Nordstrom

Overview of this book

Microsoft's Forefront Identity Manager simplifies enterprise identity management for end users by automating admin tasks and integrating the infrastructure of an enterprise with strong authentication systems. The "Microsoft Forefront Identity Manager 2010 R2 Handbook" is an in-depth guide to Identity Management. You will learn how to manage users and groups and implement self-service parts. This book also covers basic Certificate Management and troubleshooting. Throughout the book we will follow a fictional case study. You will see how to implement IM and also set up Smart Card logon for strong administrative accounts within Active Directory. You will learn to implement all the features of FIM 2010 R2. You will see how to install a complete FIM 2010 R2 infrastructure including both test and production environment. You will be introduced to Self-Service management of both users and groups. FIM Reports to audit the identity management lifecycle are also discussed in detail. With the "Microsoft Forefront Identity Manager 2010 R2 Handbook" you will be able implement and manage FIM 2010 R2 almost effortlessly.
Table of Contents (21 chapters)
Microsoft Forefront Identity Manager 2010 R2 Handbook
Credits
About the Author
About the Reviewers
www.PacktPub.com
Preface
8
Using FIM to Manage Office 365 and Other Cloud Identities
Afterword
Index

Configuring the FIM CM Update Service


By default, the Forefront Identity Manager CM Update Service runs under the local system account. It is considered the best practice to change it and use a service account instead.

We have already created the svcFIMCMService user that we intend to use for this purpose. Before we can configure it for the service, we need to assign a few user rights to it.

The account needs the following User Rights Assignment:

  • To act as part of the operating system

  • To generate security audits

  • To replace a process-level token

  • To log in as a service

It then needs to be added to the following local groups on the FIM CM server:

  • Administrators

  • IIS_IUSRS

After that, we reconfigure the service to use the account and start automatically.