This can be used for to Secure the following accounts
- FIM Synchronization Service / MIM Synchronization Service
- FIMService / MIM Service
Note: This is not for the Service accounts to be used for the PAM Features see Service account is not secure in its current configuration
- When installing the Forefront Identity Manager Synchronization Service or the Forefront Identity Manager Portal you may be presented with a popup Warning 25051 which informs you that the service account is not secure in its current configuration. You are able to continue with the installation if you wish or you could stop the installation and secure the service account being used prior to installation of these features
- When installing the Forefront Identity Manager Features
- When installing the Microsoft Identity Manager 2016 Features
- Prior to installing the Forefront Identity Manager Synchronization Service or portal the Service accounts used for each feature are not configured on the server that the feature is to be installed on using the secure method
- On the server that host the Forefront Identity Manger Synchronization Service or FIM Service and Portal is installed on.
- Open up Local Security
- Expand Local Polices
- Click on User Rights Assignment
- Scroll down to locate the following policies
- Deny log on as a batch job
- Deny log on locally
- Deny access to this computer from the network
- For each of the above add the service account that is used for the installing feature. For example, on the server that the Synchronization Service is installed on this may be the FIMSync Service account, and on the server that host the FIM portal it may be the FIMService account that is used during the initial configuration. Right Click on the policy you wish to add the service account to and click on properties and then click on Add user or group, Add the correct (User) Service account for the feature being installed to that policy. Repeat steps for each policy.
Questions? Comments? Love FIM so much you can’t even stand it?