Configuring the FIM CM Update Service

By default, the Forefront Identity Manager CM Update Service runs under the local system account. It is considered the best practice to change it and use a service account instead.

We have already created the svcFIMCMService user that we intend to use for this purpose. Before we can configure it for the service, we need to assign a few user rights to it.

The account needs the following User Rights Assignment:

To act as part of the operating system
To generate security audits
To replace a process-level token
To log in as a service

It then needs to be added to the following local groups on the FIM CM server:

Administrators
IIS_IUSRS

After that, we reconfigure the service to use the account and start automatically.

Get Microsoft Forefront Identity Manager 2010 R2 Handbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Microsoft Forefront Identity Manager 2010 R2 Handbook by Kent Nordstrom

Configuring the FIM CM Update Service

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly