English

How To: Restrict the ArcIMS Tasker service on Windows

Summary

Instructions provided describe a restrictive environment for the ArcIMS Tasker on Windows. This article may be useful when installing ArcIMS in high-security environments.

Warning:
This article is intended as a suggestion when installing ArcIMS in a secure environment. This configuration has not been tested and is not considered certifiedby ESRI. Support is still available when using ArcIMS in this configuration, but these settings may need to be removed in order to continue any troubleshooting. To install any Service Pack or updates switching of the ArcIMS services to run as the user that originally installed ArcIMS is required.

Procedure

The ArcIMS Tasker cleans up old image files created by the ArcIMS spatial server. It is installed on the same machine as the ArcIMS Application Server.
CONVENTIONS
· The machine on which the Tasker is running is referred to as the TaskerMachine in this article.
· The machine on which the spatial server outputs images, files, and zip files, is referred to as the OutputMachine in this article. This is not necessarily the same as the TaskerMachine.
· The Windows account under which the Tasker runs is referred to as the 'aimsTasker' account for this article.

DOMAIN OR LOCAL ACCOUNT?
The aimsTasker account should be a local Windows account if the TaskerMachine and the OutputMachine are the same. Otherwise this must be a Windows-domain account.

WINDOWS GROUPS
The aimsTasker account does not need to be part of any Windows groups.

USER RIGHTS
The aimsTasker account needs the following user rights on the TaskerMachine:
· Log on as a service
· Bypass Traverse Checking
The aimsTasker account needs the following user rights on the OutputMachine if different from the TaskerMachine:
· Access the computer from the network
· Bypass Traverse Checking

FILE PERMISSIONS
[O-Image] RetrictiveTaskerFilePermissionsWindows

Related Information