+

Search Tips   |   Advanced Search

Restricting file access on Windows

You must restrict access to the Authentication Folder for the Windows Password Synchronizer. Grant folder access only to the administrator group.


About this task

The Windows Password Synchronizer plug-in runs in the Local Security Authority (LSA) process owned by the local system account. Since the user account is part of the administrators' group, grant access only to that group. If you are setting up a different password synchronizer, grant the required privileges to the appropriate user or the group.


Procedure

  1. In Windows Explorer, right-click the Authentication Folder.
  2. From the menu, select Properties.
  3. In the Properties window, click the Security tab.
  4. Click Advanced.
  5. Clear the check box that allows propagation of parent permissions and select the check box that replaces all the child permissions.
  6. Remove all the records from the Permission entries list.
  7. Click Add.
  8. Add the administrators group and grant full control access.
  9. Click OK.


Parent topic:

Java Proxy process authentication