Configure Enterprise Vault for web connections in preparation for Domino mailbox archiving

Article:HOWTO58405  |  Created: 2011-08-01  |  Updated: 2013-07-12  |  Article URL http://www.symantec.com/docs/HOWTO58405
Article Type
How To


Subject


Configure Enterprise Vault for web connections in preparation for Domino mailbox archiving

When Lotus Notes users start an archive search, a web connection is made to the Enterprise Vault Domino Gateway. You need to perform the configuration tasks described in this section to support these connections.

A new IIS virtual directory called EnterpriseVaultDomino is used to authenticate user access to Enterprise Vault archives when users perform an archive search. The virtual directory points to the Enterprise Vault\WebApp folder and has anonymous access enabled. For security, a web account is required for this virtual directory. It is advisable to create an account specifically for the purpose of web access.

Do not change the name of the virtual directory, EnterpriseVaultDomino.

If you have already configured an account for Exchange Server OWA access, then you must use the same account for Domino mailbox archiving.

Create a Windows domain user account to use as the Enterprise Vault Data Access account. This should be a basic domain account specifically created for the purpose; a local machine account cannot be used. The account must not belong to any administrative group.

To configure the Enterprise Vault Data Access account

  1. Log on to the Enterprise Vault Domino Gateway computer using the Vault Service account.

  2. Start the Enterprise Vault Administration Console.

  3. Expand the tree and right-click the Directory container.

  4. Select Properties.

  5. In the Directory Properties window, click the Data Access Account tab.

  6. In the Account box, select the Enterprise Vault Data Access account.

  7. Enter and confirm the password for the account.

  8. Click OK.

    The EnterpriseVaultDomino virtual directory is created and Anonymous access is granted automatically to the account specified.

To check the configuration of the Data Access account

  1. On a computer that is not a domain controller, open Local Security Policy in Administrative Tools. On a domain controller, open Domain Controller Security Policy.

  2. Click Local Policies > User Rights Assignment.

  3. The following permissions should be set:

    Access this computer from the network (SeNetworkLogonRight).

    Bypass traverse checking (SeChangeNotifyPrivilege).

    Log on as a batch job (SeBatchLogonRight).

    Allow log on locally (SeInteractiveLogonRight).

  4. The following registry value is also created containing the Enterprise Vault Data Access account. This ensures that only this user can obtain a list of archives accessible by a Domino User:

    HKEY_CURRENT_USER
     \Software
      \KVS
       \Enterprise Vault
        \AnonymousUser

    HKEY_CURRENT_USER is the Vault Service account. The value of this setting is the full name, including the Windows domain, of the anonymous user, for example, mydomain\DomAnonUser.

See About Domino mailbox archiving

See Vault store group, vault store, and partition in preparation for Domino mailbox archiving


Legacy ID



v9935717_v41328148


Article URL http://www.symantec.com/docs/HOWTO58405


Terms of use for this information are found in Legal Notices