Financial Management — Configure DCOM

Specify the Distributed Component Object Model (DCOM) account information to configure DCOM security.

You must specify the Windows administrator under whose identity the application server processes are launched. Perform this task on the machines that host the Financial Management Web server tier and on the Services tier.

Note:

You must run as a Domain or Local Administrator with Group Policies rights to configure the DCOM user.

Because all Financial Management application server processes are run under an administrator identity (the specified Windows admin user), no other administrator is required to log on to the application server to start the application server processes.

The following table describes options for Financial Management DCOM configuration.

EPM System Configurator Fields	Description	Your Information
Domain User	Specify the user name. Limitations for the domain and user name: A user name cannot duplicate any other user or group name of the computer being administered. A user name can contain up to 20 uppercase and lowercase letters. A user name cannot consist solely of periods ( . ) and spaces and cannot contain these special characters: " ‘ / \ [ ] : ; \| = , + * ? < > & Do not use a single quotation mark ( ‘ ) in a user name. A user with a single quotation mark in the user name cannot log on to Financial Management. You cannot use an IP address as a domain name when you configure the user account.
Password	Enter the password. The password can contain up to 14 characters and is case-sensitive. The system does not verify the password, so ensure that the password that you use is valid. Note: If the entries that you make require changing the local security policy on the system, you must log off and log on again to commit the changes.
Re-type Password	Enter the password again to confirm it.
Enable DCOM on this machine	Select to enable DCOM on this machine. This option is available for the Application services and Web tier installation of Financial Management. This option is not available if DCOM is already enabled on the computer. This option enables DCOM for the entire computer. Enabling DCOM makes possible the launching of servers and connecting to objects by remote clients for the machine. It also sets the DCOM Default Authentication level to None for the computer. The Enable DCOM step is required for Financial Management client components to communicate with Financial Management application server components when the application server is on a different computer. It also enables the Financial Management client and application server computers to be on different domains.

After you enter the Windows administrator information, EPM System Configurator performs these steps:

Creates the Windows admin user (DCOM user) on the local machine if the user does not exist
Adds the user to the local Administrators group. The Financial Management administrator user or group must be a member of the local Administrators group on each application server.
Assigns these local security policies to the admin user: “Act as part of the operating system” and “Log on as a batch job.” These local security rights must be enabled for users on each Financial Management application server.
Sets the “DCOM Run as” identity for all Financial Management application processes
Sets DCOM Launch permissions for users

If the DCOM user password changes, or if you want to use a different DCOM user name and password, ensure that the user settings are valid and working, and then use EPM System Configurator to re-enter the DCOM user name and password. Perform this task on the Web tier and on the Services tier for Financial Management.