You need to configure unconstrained delegation only if your deployment contains a stand-alone installation of the Directory Server.
See About delegation in Control Compliance Suite.
To configure a service account with unconstrained delegation
Identify the user accounts that you want to use as the service accounts for DSS and Application Server.
Enable delegation for the Application Server's service account. By default, the user is set to Do not trust this user for delegation.
The following service accounts are to be enabled:
Windows Server 2003 computer
In the user properties, go to the Delegation tab and select the option, Trust this user for delegation to any service (Kerberos only).
Windows Server 2008 computer
In the user properties, go to Accounts tab and check the option, Account is trusted for delegation.
After the product is installed, configure delegation for the Application Server in the following manner:
In the CCS Console, go to Settings > System Topology > Map View or go to Settings > System Topology > Grid View.
Select the Application Server component, and right-click on Edit Settings.
In the Edit Settings dialog box, select the Application Server > Basic option in the left pane.
For the Authentication type option, select Use controlled delegation of security rights in the right pane.
Reboot the DSS and the Application Server computer so that the delegation settings can take effect.
See Configuring constrained delegation for CCS.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.