6.2 Launch and activation permissions

SIU references: SIU-065, SIU-067, SIU-071, SIU-075.

You must grant additional permissions to the account used to run MyID. The procedure you follow depends on whether you are going to install the MyID web server software on the same machine as the MyID application server software.

6.2.1 Web server on the same machine as the application server

On the server holding the MyID components (the application server) add the MyID COM+ user account to the Distributed COM Users group on the local machine, then give this group Local Launch, Remote Launch, Local Activation and Remote Activation rights.

  1. In the Windows Computer Management tool, expand System Tools > Local Users and Groups, then select Groups.
  2. Right-click the Distributed COM Users group and select Properties from the menu.
  3. The Distributed COM Users Properties dialog is displayed.
    1. Click Add.
    2. Find and select the MyID COM+ account.
    3. Click OK in the Distributed COM Users Properties dialog.

  4. Browse to and open Component Services.

    This is in the Administrative Tools section of Control Panel.

  5. Expand the Component Services tree until you can see My Computer.
  6. Right-click My Computer and select Properties from the menu.
  7. The My Computer Properties dialog is displayed.
    1. Click the COM Security tab.
    2. In the Launch and Activation Permissions group, click the Edit Default button.
    3. Add the Distributed COM Users group.
    4. Make sure that the Allow options for Local Launch, Remote Launch, Local Activation, and Remote Activation are selected.

Note: If you do not set these permissions, logon to MyID fails with an error message such as:

Unable to perform the requested operation
Solutions:
A problem occurred attempting to process your selection.
Please contact your administrator

6.2.2 Web server on a separate machine

If the web server and the MyID application server are installed on different machines, then the MyID IIS account also requires COM Security permissions.

Note: The steps in this section must be followed on both the MyID application server and the web server.

This is done by first adding the IIS, COM, and web service users to the Distributed COM Users group on the local machine and then giving this group Local Launch, Remote Launch, Local Activation and Remote Activation rights.

  1. In the Windows Computer Management tool, expand System Tools > Local Users and Groups, then select Groups.
  2. Right-click the Distributed COM Users group and select Properties from the menu.
  3. The Distributed COM Users Properties dialog is displayed.
    1. Click Add.
    2. Find and select the MyID IIS account. Click OK.
    3. Next, add the MyID COM+ account.
    4. Next, add the MyID web service account.
    5. Click OK in the Distributed COM Users Properties dialog.

  4. Browse to and open Component Services.

    This is in the Administrative Tools section of Control Panel.

  5. Expand the Component Services tree until you can see My Computer.
  6. Right-click My Computer and select Properties from the menu.
  7. The My Computer Properties dialog is displayed.
    1. Click the COM Security tab.
    2. In the Launch and Activation Permissions group, click the Edit Default button.
    3. Add the Distributed COM Users group.
    4. Make sure that the Allow options for Local Launch, Remote Launch, Local Activation, and Remote Activation are selected.

Note: If you do not set these permissions, the following message is displayed when attempting to launch MyID:

Unable to perform the requested operation