To verify Windows NT user rights for a user account:
| Platform SDK: Transaction Server |
[This product will work only on Windows NT 4.0 versions and earlier. For Windows 2000 and later, see COM+ (Component Services).]
After you install MTS, configure your MTS server so that you can deploy and manage MTS packages using the MTS Explorer. Before you start deploying and administering packages, set your MTS server up for deployment by doing the following:
In addition, use the Windows NT User Manager to verify that the user account for the identities of the System package and other MTS packages have the Windows NT "Log on as a service" user right.
To verify Windows NT user rights for a user account:
Configuring Roles on the System Package
You must map the System package Administrator role to the appropriate user in order to safely deploy and manage MTS packages. When MTS is installed, the System package does not have any users mapped to the administrator role. Therefore, security on the System package is disabled, and any user can use the MTS Explorer to modify package configuration on that computer. If you map users to System package roles, MTS will check roles when a user attempts to modify packages in the MTS Explorer.
By default, the System Package has an Administrator role and a Reader role. Users mapped to the Administrator role of the System package can use any MTS Explorer function. Users that are mapped to the Reader role can view all objects in the MTS Explorer hierarchy but cannot install, create, change, or delete any objects, shut down server processes, or export packages. For example, if you map your Windows NT domain user name to the System Package Administrator role, you will be able to add, modify, or delete any package in the MTS Explorer.
If MTS is installed on a server whose role is a primary or backup domain controller, a user must be a domain administrator in order to manage packages in the MTS Explorer.
For more information on how to map users to roles, see the Mapping MTS Roles to Users and Groups topic.
You can also set up new roles for the System package. For example, you can configure a Developer role that allows users to install and run packages, but not delete or export them. The Windows NT user accounts or groups that you map to that role will be able to test installation of packages on that computer without having full administrative privileges over the computer. For more information on setting up new roles, see the Adding a New MTS Role topic.
Once you have configured roles for your computer’s System package, enable authorization checking by selecting the check box in the Package Security property sheet. See the Enabling MTS Package Security for a complete description of how to enable authorization checking.
Note that the following MS DTC administrative functions do not use the System package or the System package role:
Setting Up Computers to Administer with the MTS Explorer
By default, the computer on which you install MTS is managed in the MTS Explorer as “My Computer”. You can also use the MTS Explorer to manage other computers. Add any new computers that you need to administer to the Computers folder in the Explorer by selecting the Computer icon and doing one of the following:
Then enter a computer name in your Windows NT domain in the dialog box to add the remote computer as a top-level folder. In order to access and display the MTS Explorer on a remote server, your logon account must be assigned to the Reader role. If you want full read and write privledges with the MTS Explorer on a remote server, your logon account must be mapped to the Administrator role.
For more information on managing objects in the MTS Explorer Hierarchy, see the MTS Explorer Hierarchy topic.
Important You can not remotely administer MTS on a Windows 98 computer from MTS on a Windows NT server.