X hits on this document





56 / 62

members to the DCIT Admin role when you run the Setup wizard, as well as adding them later when you configure the self-service portal.

Service Accounts If you are using a domain account and your domain Group Policy object (GPO)

has the default password expiration policy set as required, you will either have to change the passwords on the service accounts according to the schedule, or configure the accounts so that the passwords never expire.

Firewall Exceptions If Windows Firewall is configured on the computers on which you plan to install

the self-service portal, you must ensure that port exceptions are added to the Firewall on those computers that you plan to use for the self-service portal.

To configure any other firewall, refer to the instructions provided by the firewall's manufacturer.

Hardening the Self-Service Portal Website Installing the VMMSSP website component creates a corresponding website for

the self-service portal in IIS. This section specifies the recommendations for hardening the self-service portal website.

Configure SSL for the Self-Service Portal To encrypt communications between the client and the VMMSSP website

component, you should configure SSL security on your Web server. You can obtain the encryption certificate you need for SSL in one of the following ways, depending on how your portal is used:

  • If the website is on your organization‘s intranet, with no public access, you can obtain the certificate from your organization‘s existing public key infrastructure (PKI).

  • If users can access the self-service portal from the Internet, Microsoft recommends that you obtain a certificate from a certification authority.

If you are using IIS 7.0, see Securing Communications with Secure Socket Layer (SSL) in the IIS documentation for more information.

Disabling ISAPI Handlers That Are Not Needed When you install the VMMSSP website component, IIS lays down the default

ISAPI filters and handlers for common extensions such as .soap, .xoml, and .asmx. To avoid unnecessary exposure to any potential security risks, it is recommended that you disable the handlers that the website component is not using.

The Table below lists the ISAPI Handlers for the VMMSSP Website Component.



Document info
Document views236
Page views236
Page last viewedSun Jan 22 13:03:22 UTC 2017