When running the WebSphere Application Server processes as a non-administrator, if global security is enabled, the user registry must be either LDAP or a custom registry.
To use the Local OS user registry, the user under which the product processes run must have Administrative and Act as part of the operating system privileges to call the Windows operating system APIs that authenticate or collect user and group information. The process needs special
authority, which is given by these privileges. The user in this example should not be the same as the security server ID (the requirement for which is a valid user in the registry). This user logs into the machine (if using the command line to start the product process) or the Log On User setting in the services panel (if the product processes have started using the services). If the machine is also part of a domain, this user should be part of the Domain Admin group in the domain to call the operating system APIs in the domain, in addition to having the Act as part of operating system privilege in the local machine.
No comments:
Post a Comment