| Q. |
I don't want passwords or other account information to cross the network in clear text. How do I force the use of SSL (Secure Sockets Layer)? |
| A. |
IIS has support for SSL (Secure Sockets Layer) built in. Once you have SSL set up, you can
use MMC to disable "regular" web traffic and enable SSL traffic. Users must then connect using
https:// instead of http://, and all traffic will be encrypted. See the
Security Considerations page for more information.
|
| Q. |
How do I set up SSL? |
| A. |
Use MMC to access the Key Manager, and generate a request for a certificate. Then submit
that request to a Certificate Authority (CA), such as Thawte
or Verisign. They will process the request and issue
a certificate. Again using the Key Manager, you import the certificate and commit the changes.
From that point on, SSL will be operational. The various Certificate Authorites have
differing fees and procedures. See the Certificate Authority of your choice for precise
instructions. Note: For corporate Intranet use, you can use
Microsoft's Certificate Server
instead of a public Certificate Authority.
|
| Q. |
Does RUM work over the Internet as well as my Intranet? What about proxies? |
| A. |
As long as your web server is visible to the end-user, either directly, through
dial-up, or through a proxy, RUM will work fine. If you use RUM over the Internet, you'll probably want to
insist on SSL (see above) for security reasons.
|
| Q. |
Do I have to use MSIE? What about Lynx, Opera, or Netscape Navigator? |
| A. |
Any modern browser will work. NT Challenge/Response (NTLM) authentication only works with MSIE, but Basic
authentication works with any browser. (See Security Considerations for
more information on Basic and NTLM authentication methods.) Some older versions of Lynx might have trouble with
the graphical elements, particularly the buttons. If you encounter this problem, you'll have to upgrade to a newer
version of Lynx, switch to HTML-style buttons, or use a different browser.
|
| Q. |
How do I make sure that RUM itself is secure? |
| A. |
The RUM installation program sets the default permissions of the application to ensure that only Helpers
designated by an administrator can make changes. The system uses a combination of NTFS file permissions,
IIS authentication methods, and IIS access rights. You shouldn't need to change these permissions from
the defaults. See the Security Considerations page for more information.
|
| Q. |
Can I customize RUM to add our company's logo or links? |
| A. |
Yes. The Control Panel applet for RUM has a button called HTML Settings.
The HTML Settings lets you add any HTML you want at the top or bottom of the RUM display page, and also customize the colors.
|
| Q. |
I've installed the program, but the service won't start. What's wrong? |
| A. |
It could be any of several things. Most likely, it's a problem with the service account (user account
you specified during setup for the service to use as its security context). Here's a quick checklist:
- You may need to grant the service account the right to "Log on as a service."
See the Manually Adding System Service Rights page for details.
- You may need to change the service account to one with full administrative privileges. RUM will
not work with an ordinary user account.
- You may need to change the system service startup to Automatic using the Services applet in Control Panel.
- Make sure IIS is running and the website you're using is enabled.
|
| Q. |
Will RUM allow my Helpers to change rights on multiple NT Domains? |
| A. |
No, RUM only controls the user database on the machine where
RUM is running. For a PDC or BDC, this means the primary domain. For stand-alone machines or
member servers, it means the local users on that machine. To control multiple domains, you need
to install RUM once for each domain. You can customize the HTML so that each RUM site has a link
to the other RUM sites. (See the customization question above.)
|
| Q. |
RUM is the only thing I'm using my IIS machine for. Can I put RUM in the root instead of a virtual directory? |
| A. |
Yes, with a few caveats. Do a regular install first to make sure everything is working the
way you want. Then change the directory for your root to be the same directory as your RUM
virtual directory, and go through the other settings and make them the same, too (i.e., access set
to read and execute, default document set to gwrum.dll, security settings, etc.). When you're done,
you'll be able to access with either http://servername/ or http://servername/rum/, and RUM upgrades
and removals will still work. Keep in mind, though, that RUM will set the access permissions for the
virtual directory, not the root directory -- in IIS, they're separate, even though they point to the
same physical directory. So if you re-run the IIS Settings from the control panel applet to
change something, or upgrade to a newer version of RUM, you'll have to go back to your root
directory and make everything match again.
Don't forget to make sure that the root directory has an application defined that runs "in-process"
(that is, the Run in separate memory space (isolated process) checkbox on MMC is unchecked.) RUM
automatically handles this during install for its virtual directory, but you'll have to do it
yourself if you run RUM from the root. Also be sure to create a new web site for RUM -- don't
use the Default Web Site created when you install IIS. (See Default Web Site for more information.)
|
