It’s generally uncommon that you would need to change permissions or modify the user account that a RedDot CMS installation runs under. During my travels as a RedDot CMS developer, I have personally only come across two instances where this occurred.
The first time called for the ‘local’ RedDot user account to be replaced with a service account when changing from a single to a muti-server publishing cluster. The reason for doing this was to enable both servers to access a shared location on the network where all Assets were stored – which could only be access via a service account for security reasons.
Most recently whilst working for a company that required all IT systems and applications to be migrated from one network to another as part of an acquisition, RedDot Service Accounts had to be modified to run under a new active directory service.
Changing the service account that RedDot runs under isn’t that difficult, but it is a little tedious. All of it has to be done manually. I wasn’t able to find any documentation anywhere on the web on how to do this, so I figured it would be best to document the process for other users. This was the first time I had to do this (in the past I was able to rely on infrastructure teams to take care of installation and server maintenance), I called on the assistance of Open Text support who pointed me in the right direction to get it working.
Modifying the COM and DCOM Settings for RedDot CMS
- Under Control Panel > Administrative Tools > Component Services, select ‘My Computer’
- Right mouse click on ‘My Computer’ and select Properties > COM Security. Click Edit Defaults
- Click the Add Button and then the Advanced Button to enable you to search for Users and Groups. Locate the new Service Account which you will use to run RedDot CMS and assign this account with Local Access permissions.
We while are at it, ensure that the following Users and Groups have also being assigned the same level of permissions:
- Once you have saved these changes, repeat the same steps for Launch and Activation Permissions.
- Expand the DCOM Config folder and edit the properties of each of the RedDot objects (each of the RedDot objects are prefixed with ‘RD’)
- Select the ‘Security’ tab and ensure that ‘Use Default’ is selected for both Launch and Activation Permissions & Access Permissions
- Scroll to the bottom of the list and edit the properties of each of the ‘hexadecimal’ objects. Only edit the permissions of each of these objects that belong to RedDot – which can be determined by checking the local path field under the General tab (it should point to the location where RedDot is installed on the server). For these objects, ensure that ‘Use Default’ is selected for both Launch and Activation Permissions & Access Permissions.
Anonymous access authentication for each of the virtual applications under ‘CMS’
- Edit the properties of each Virtual Application under ‘CMS’ within IIS
- Under the ‘Directory Security’ tab, click on the Authentication and access control ‘Edit..’ button
- Specify the username and password of the new RedDot service account within the corresponding fields. Ensure the enable anonymous access checkbox is selected.
RDServer.ini file settings
Ensure the Domain and Username of your new RedDot service account is added to the top of the RDServer.ini file: