Choosing Network Security Credentials

The symbol proxy server must run from a security context with the appropriate privileges for access to the symbol stores that you plan to use. If you obtain symbols from an external Web store such as http://msdl.microsoft.com/download/symbols, the symbol proxy server must access the Web from outside of any firewalls. If you obtain files from other computers on your network, the symbol proxy server must have appropriate privileges to read files from those locations. Two possible choices are to set the symbol proxy server to authenticate as the Network Service account or to create a user account that is managed within Active Directory Domain Services along with other user accounts.

Authenticate as a Network Service

The Network Service account is built in to Windows, so there is no extra step of creating a new account. For this example, we name the computer where the symbol proxy server is being configured SymMachineName on a domain named corp.

External symbol stores or Internet proxies must be configured to allow this computer's Network Service account (Machine Account) to authenticate successfully. There are two ways to achieve this:

  • Allow access to the Authenticated Users group on the external store or Internet proxy.

  • Allow access to the Machine Account corp\SymMachineName$. This option is more secure because it limits access to just the symbol proxy server's "Network Service" account.

Authenticate as a Domain User

For this example, the user account is named SymProxyUser on a domain named corp. To authenticate this user account, it must be added to the IIS_WPG group.

Note   It is a good practice to limit privileges of this account to only those necessary to read files and copy them to c:\symstore. This restriction prevents clients that access your HTTP store from corrupting the system.

To add the user account to the IIS_WPG group

  1. From Administrative Tools open Computer Management.

  2. Expand Local Users and Groups.

  3. Click Groups.

  4. Double-click IIS_WPG in the right pane.

  5. Click Add.

  6. Type corp\SymProxyUser in the pane labeled Enter the object name to select.

  7. To exit the Select Users, Computer, or Groups dialog box, click OK.

  8. To exit IIS_WPG Properties, click OK.

  9. Close the Computer Management console.
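
The same group change can be made from an elevated PowerShell prompt and combined with the privilege restriction recommended in the note above. This is an added example, not part of the original Microsoft topic. It uses the built-in net localgroup and icacls commands and assumes that Modify on c:\symstore is the right the account needs to read and copy files there; adjust the grant to match your store.

```powershell
# Added example. Account, group and path are the names used on this page.
$Account   = 'corp\SymProxyUser'
$Group     = 'IIS_WPG'
$StorePath = 'C:\symstore'

# Return the member names that "net localgroup" prints for a local group.
function Get-LocalGroupMemberNames([string]$Name) {
    $out = net localgroup $Name
    if ($LASTEXITCODE -ne 0) { throw "Local group '$Name' not found" }
    $out | ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' }
}

# Equivalent of steps 1-9: add the domain user to the local IIS_WPG group,
# skipping the call if the account is already a member.
if ((Get-LocalGroupMemberNames $Group) -notcontains $Account) {
    net localgroup $Group $Account /add
    if ($LASTEXITCODE -ne 0) { throw "Could not add $Account to $Group" }
}

# Least-privilege check: the proxy account should not be a local administrator.
# This only sees direct membership, not membership through a nested domain group.
if ((Get-LocalGroupMemberNames 'Administrators') -contains $Account) {
    Write-Warning "$Account is in Administrators; remove it before going live."
}

# Grant the account rights on the symbol store only.
# Assumption: Modify (M), inherited by subfolders (CI) and files (OI), covers
# "read files and copy them to c:\symstore".
if (-not (Test-Path $StorePath)) {
    New-Item -ItemType Directory -Path $StorePath | Out-Null
}
icacls $StorePath /grant "${Account}:(OI)(CI)M"
if ($LASTEXITCODE -ne 0) { throw "Could not set ACL on $StorePath" }

# Print the resulting ACL so the grant can be reviewed. Look for broad
# entries (for example Everyone with Full control) that would defeat the
# restriction on the proxy account.
icacls $StorePath
```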

© 2014 Microsoft