Limiting CRM application ability to aasigning user to approprite CRM security group

IT administrator that I have for client does not like the idea of CRM 
application assigning user group automatically. They prefer to do the 
security group assignment manually.
Is this possible? What do I need to do to achieve that?

Thanks
Kyaw 

0
6/18/2008 2:58:10 AM
crm 35858 articles. 1 followers. Follow

2 Replies
518 Views

Similar Articles

[PageSpeed] 48

Hi Kyaw,

I did it the following way for a customer:

1) You will need to precreate the five groups within your AD. There is no 
need of having a own OU (Container, Organizational Unit) for them. Follow the 
naming convention of your company or use the default namings from Microsoft 
for the five groups. There is no need for your AD Admin to assign those 
groups any permissions to a ressource. Also, there is no need to grant the 
ServiceAccount controle over this groups.

2) Ask your AD Admin to add the domain account (SVC ServiceAccount) which 
you will use to run the installation to the following groups (see Example). 
Ask your AD Admin to add the AD computer object from the Application Server 
(CRM Role) to the following groups (see Example).

Expl:

 Type: 'Domain local Security'
 
 UserGroup (SVC, USR)
 ReportingGroup (SVC, USR)
 PrivReportingGroup (SVC)
 Priv UserGroup (CRM Role)
 SQLAccessGroup (CRM Role)

3) create a 'Server XML Configuration File' for the installation and run the 
setup

Expl.

<CRMSetup>
<Server>
<Groups AutoGroupManagementOff="true">
<PrivUserGroup>CN=PrivUserGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</PrivUserGroup> 
<SQLAccessGroup>CN=SQLAccessGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</SQLAccessGroup> 
<UserGroup>CN=UserGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</UserGroup> 
<ReportingGroup>CN=ReportingGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</ReportingGroup> 
<PrivReportingGroup>CN=PrivReportingGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</PrivReportingGroup> 
</Groups>
</Server>
</CRMSetup>

Expl.

 ServerSetup.exe /config yourConfig.xml 

4) Now, whenever you want to add new user to the MSCRM, those users (USR) 
have to be added first to the UserGroup and Reporting Group. You could also 
nest another group instead of adding each user manual.  When this is done, 
you can create this users within MSCRM.

Your AD Admin has the full controle over these groups. Which is want he 
wants to keep :-)

More Details here ->
http://www.microsoft.com/downloads/details.aspx?FamilyID=1ceb5e01-de9f-48c0-8ce2-51633ebf4714&DisplayLang=en

Thanks
Regards
..ingo.


"Kyaw Zay Ya" wrote:

> 
> IT administrator that I have for client does not like the idea of CRM 
> application assigning user group automatically. They prefer to do the 
> security group assignment manually.
> Is this possible? What do I need to do to achieve that?
> 
> Thanks
> Kyaw 
> 
> 
0
Ingo (2)
6/24/2008 5:31:01 PM
Thanks very much Ingo, appreciate your help!

Regards,
Kyaw

"Ingo" <Ingo@discussions.microsoft.com> wrote in message 
news:71FFB600-1846-4A4D-9338-8017DDF72173@microsoft.com...
> Hi Kyaw,
>
> I did it the following way for a customer:
>
> 1) You will need to precreate the five groups within your AD. There is no
> need of having a own OU (Container, Organizational Unit) for them. Follow 
> the
> naming convention of your company or use the default namings from 
> Microsoft
> for the five groups. There is no need for your AD Admin to assign those
> groups any permissions to a ressource. Also, there is no need to grant the
> ServiceAccount controle over this groups.
>
> 2) Ask your AD Admin to add the domain account (SVC ServiceAccount) which
> you will use to run the installation to the following groups (see 
> Example).
> Ask your AD Admin to add the AD computer object from the Application 
> Server
> (CRM Role) to the following groups (see Example).
>
> Expl:
>
> Type: 'Domain local Security'
>
> UserGroup (SVC, USR)
> ReportingGroup (SVC, USR)
> PrivReportingGroup (SVC)
> Priv UserGroup (CRM Role)
> SQLAccessGroup (CRM Role)
>
> 3) create a 'Server XML Configuration File' for the installation and run 
> the
> setup
>
> Expl.
>
> <CRMSetup>
> <Server>
> <Groups AutoGroupManagementOff="true">
> <PrivUserGroup>CN=PrivUserGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</PrivUserGroup>
> <SQLAccessGroup>CN=SQLAccessGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</SQLAccessGroup>
> <UserGroup>CN=UserGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</UserGroup>
> <ReportingGroup>CN=ReportingGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</ReportingGroup>
> <PrivReportingGroup>CN=PrivReportingGroup,OU=MSCRMPilot,DC=yourDomain,DC=com</PrivReportingGroup>
> </Groups>
> </Server>
> </CRMSetup>
>
> Expl.
>
> ServerSetup.exe /config yourConfig.xml
>
> 4) Now, whenever you want to add new user to the MSCRM, those users (USR)
> have to be added first to the UserGroup and Reporting Group. You could 
> also
> nest another group instead of adding each user manual.  When this is done,
> you can create this users within MSCRM.
>
> Your AD Admin has the full controle over these groups. Which is want he
> wants to keep :-)
>
> More Details here ->
> http://www.microsoft.com/downloads/details.aspx?FamilyID=1ceb5e01-de9f-48c0-8ce2-51633ebf4714&DisplayLang=en
>
> Thanks
> Regards
> .ingo.
>
>
> "Kyaw Zay Ya" wrote:
>
>>
>> IT administrator that I have for client does not like the idea of CRM
>> application assigning user group automatically. They prefer to do the
>> security group assignment manually.
>> Is this possible? What do I need to do to achieve that?
>>
>> Thanks
>> Kyaw
>>
>> 
0
7/3/2008 12:00:57 AM
Reply:

Similar Artilces:

File Size Limits
I'm sure this question has been asked a million times... What are the "file size" limits for different versions of Excel? In particular I'm interested in what it is for 2000. Thanks Hi John If you mean size of sheet it is currently 256 columns x 65536 rows. This will rise substantially when Excel 12 ships later this year 16,000 columns x 1 million rows. as far as File size is concerned, then that's going to be some limitation in terms of disk size and RAM. -- Regards Roger Govier "JohnB" <jbrigan@yahoo.com> wrote in message news:ONUyVbtFG...

XML and CRM 1.2
Hi All, I've got a couple of things running on my network (namely some managment software and some ordering software) that can have XML handed to it to accomplish tasks. An example of this would be the ordering software: send a bit of XML to it and you can order goods etc. My question is: Can CRM be configured to send XML data to other applications? IT would be great to hit the ordering stage and have CRM generate XML to order the goods itself without a sales guy having to do it. Thanks for any input all Tom Sure, check out CRM Post-Callouts on MSDN http://msdn.microsoft.com/MBS/T...

CRM 3.0 Programmer needed
Anyone out there know of a good CRM 3.0 programmer I can use for some contract worik. I have a variety of small customizations that need to be made. Stuart, You know where to find us :-) Regards, -- Erik van Hoof CWR Mobility Check our weblog at: http://www.cwrmobility.com/weblog "STUARTS" <STUARTS@discussions.microsoft.com> wrote in message news:A12F5A95-7DB4-4F36-BE33-EF3AC5603F93@microsoft.com... > Anyone out there know of a good CRM 3.0 programmer I can use for some > contract worik. I have a variety of small customizations that need to be > made. &q...

CRM 1.2 go online with added activity
If I go online and add an activity, and then choose to go online, I get an error message for the activity that: "The Microsoft CRM Server is unavilable or could not be found" I leave the option of waiting to add the data next time I check in. However, after closing the message, the activity IS added to the CRM Server. If if go offline again, and dont make any changes, and choose to go back online, I then get a message that: "The specified domain logon name already exists. You must specifity a unique domain" This is for the same activity, so it thinks it's not...

The users mailbox will not be created?
Hi, I have a Small Business Server 2003 Prem Edition. We have 20 Installed Licences and 18 are being used. Historicaly, when I create a user through the server management interface. The Mailbox is created. Now, for some reason when I do the same process the user is created but the mailbox is not created! Has anybody had a similar issue? Cheers Rory Are you certain the mailbox is not getting created? After creating the account have you tested it by sending an email to the email address in question or using OWA/Outlook to open the mailbox? Nue "Rory" <Rory@discussions.mi...

Can't open other user's folder on different server
Running Win2k/Exchange2k on two servers. Exchange SP3 with rollups applied. One server has Win2k SP4, the other SP3. Both part of the same AD domain. Most users are unable to open mailboxes on the other server, even though they have the rights. If we move the mailbox to the same server they are able to open it (this works 100%). Some users are able to do open mailboxes (the very same ones - we're trying to open a meeting room calendar) on the other servers, but I can see no pattern. Any ideas? Thanks. -GT ...

LDS user using AD Group Permissions
I have a web application in which our outside customers need access to run transactions (stored procs on Sql Server) on our domain. We have looked into LDS to keep these users separate from our domain. The problem we are having is allowing the LDS users the AD security rights to access these stored procs. For administration purposes we would like to use an AD group for each transaction (stored proc) which has access to execute. Is there a way to add LDS users to this AD group or allow them the security rights to do this. We have setup LDS and can authenicate an AD user thru to runs th...

How do I use the Outlook PST Backup tool on second user settings?
I have set up the PST backup tool on my settings but when I try to add it to my husbands settings I get the message that the program is already installed and I have to delete it to download it again for his settings. If I delete it will it make my settings inoperable? How do I make this work? Help!! I have windows XP and I am using Outlook 2003. Thank you for your help. Presumably you have seperate outlook Profiles? In his Profile, within Outlook, add-ins, is the backup addin ticked? "Katie H." <Katie H.@discussions.microsoft.com> wrote in message news:0E8A0...

crm consultant needed asap
i am looking for a crm consultant who has a lot of experience with form customization, crm implimentation, heavy work flow, and activities. ideally someone in arizona but not required. telecommute will be considered for the right person. looking for someone for a possible 2 month (i am guessing here....) project. if you are available and have this experience please email me at j-e-f-f@mag-en-ta-tech.c-o-m (remove the -). we are looking for someone to start like next week at the latest (this message was posted 08-08-2004). This message was posted 8/4, not 8/8. And I have some swamp land in f...

CRM and SBS 2003
I cannot log into CRM. I have SBS 2003 installed and working great. I followed the directions in Chapter 15 of the IG for the CRM. The message that I get is: User Access Error The system could not log you on. This could be because: you are not a Microsoft CRM user, or ... I have followed everything and double-checked everything (or have I). Please help... Ok, do you have to absolutly use SBS 2003? it is very finicky when it comes to installation, and it tends to complain if you changes things after you intall.. recomenda >-----Original Message----- >I cannot log into CRM...

DPM 2010 fails to connect to attach agent in work groupe
Agent is installed and configured on the remote computer. And the computers can communicate with each other (ping on the server name). I also have on other server at the same LAN at this server resist on and that one is working fine. Getting this erro when trying to attatch the second serverthat i want to backup: Attach protected computer sea0720sweb2 failed: Error 32684: Unable to contact the protection agent on server sea0720sweb2. Recommended action: 1) Ensure that the above server name is accessible from the DPM server. 2) Ensure that the protection agent has been insta...

Modify the Exchange 2003 size limit message
Is it possible to modify the Exchange 2003 size limit messages that user get for being of the size limit? Hi Kyle If you are talking about the Mailbox Limit message, you might want to look at this: http://blogs.technet.com/exchange/archive/2004/04/20/117024.aspx -- Mark Fugatt Microsoft Limited This posting is provided "AS IS" with no warranties, and confers no rights. "Kyle D" <kyle@nospam.com> wrote in message news:11752t1t1d84425@corp.supernews.com... > Is it possible to modify the Exchange 2003 size limit messages that user > get for being of th...

New user access- need learning material
Hi, I'm a novice user of acess 2007. Can someone give me some links or material using which i can learn the basics of acces and atleast be able to build a simple database. I have tried the office online website and google, however it just got me in circles. It would be great if anyone can send me some study material on this or refer me to some wesite where i can learn access Thanks Regards Raveendiran RR One on-line place that might be helpful http://www.sfubusiness.ca/motmba/courses/bus756/shared/pages/tutorials.html "Raveendiran RR" <smartbond@gmail.com> wro...

Set up WLMail in a second user accountI am
I have a HP Laptop running Windows 7 Premium. I have been able to set up WLMail on my own user(administrator) account, and can send and receive emails on my tiscali email account. I have tried to set up WLMail for a second user acount, using a different username on the same tiscali email account, that worked fine with Outlook Express on Windows XP, but I get the message"Windows Internet Explorer. Could not perform this operation because default mail client is not properly installed". I am doing something wrong, but I have no idea what it is. HELP. ...

automaticaly create a variable sized table from user input
Hi, How can I user data input to a cell by a user to create a table with that number of rows. eg. User enters 1024 in B2 165 in B3 12.5 in B4 A10 would contain 1, B10 would contain =B3+(A10*$B$4) A11 would contain 2, B11 would contain =B3+(A11*$B$4) etc to 1024 The user entered number in B2 could be any whole number between 1 and 1024 Thanks, Iain I could make this better but other things to do right now so try this. Uncomment the last line to remove the formula and just leave the values. Sub makeformula() Range("a10") = 1 Range("b10").Formula = "=B3+(A10*$B$4)...

Intermittent "\First Storage Group is not a valid drive or no acce
Over the last few weeks it appears one of my Exchange 2k3 systems is intermittently failing to backup properly. Reviewing the backup logs, I find this error: SERVER\Microsoft Information Store\First Storage Group is not a valid drive, or you do not have access. While in the event log I find this one: Information Store (5744) First Storage Group: The backup has stopped with error -521. I've managed to discover that this JET error is 'Backup Out of Sequence' but have yet to find anything on how to resolve this one and, I must admit, I'm a little stumped. I'm r...

Secure LDAP
I'm testing Outlook 2000 and 2003 and I'm having problems using secure ldap connections with an error that reads "Can't connect to ldap server (81). The configuration is the same as my working netscape configuration which works. A packet sniff comparison revealed that netscape successfully connected using SSLv3.0 while Outlook tries to initiate a connection using SSLv2.0 and fails. I can connect flawlessly to ldap as long as I turn Outlooks LDAP SSL feature off. Does anyone know of a fix or patch for this problem. Or maybe a way to force Outlook to use SSLv3.0? Ok. Furt...

security setup
is there anyway to change security level of cashier by time. for example from 9am to 1 pm they have different security level and from 1 to 5 they have different. Also is there anyway to disable "tender" button on POS for all cashiers. i want to dedicate one of my machines just to make work orders so knowbody can tender amount on it. thank you Shoby, Not that I'm aware of. If you can't press the F12 Tender button, you can't save the workorder. But you can disable the Amount column in the Tender screen. When in POS, click on the bottom blank button on the le...

Microsoft CRM database tables
Is there any way to access the Microsoft CRM database tables? To get a non-sarcastic rely, you will need to explain just a little more about what's behind the question.. "Talei" <Talei@discussions.microsoft.com> wrote in message news:B2D1DE6D-D8BB-4117-90D9-E1BDB9709342@microsoft.com... > Is there any way to access the Microsoft CRM database tables? ...

Limiting the number if instances of an entry
I am creating a database to book people onto courses. I would like to limit the number of entries booked onto course number 1 to 12 people so that the course does not become overbooked, is there a way of only allowing 12 instances of the number 1 in a field named "course number"? I am not a computer expert so please can replies be aimed at "MS Access for dummies". Thanks, Andrea On my website (www.rogersaccesslibrary.com), is a small Access database sample called "TrainingRegistration.mdb" which illustrates how to do this. -- --Roger Carlson MS Access ...

Remote users
Anyone any idea why mapisp32.exe would fail to stop when a remote user disconnects. When this happens the user cannot log in to their mailbox again. We dont use Outlook forms Alan ...

CRM Outlook Client multiple profiles
We have a user that has left the company, and another user would like regular access to the deprted user's CRM content. What is the easiest way to do this from the active user's desktop? Will they have to logon as the departed user? Or, can they access the CRM without an alternate logon from their desktop? He would prefer to keep the departed user's info seperate from his, just in case someone was going to mention importing the data into his user's content. Thanks in advance First, NEVER delete a departed user's active directory account until you have first transferr...

SFO sync
Since SFO uses MSDE (which has a Max database size of 2GB), we're hitting the limit shortly. I've pinned this down to the attachments saved in the ActivityMimeAttachments table which cumulatively are a little in excess of 1GB. The rest of the database is 700MB if we exclude the attachments (guess-timate). Now SFO has an option to exclude attachments where size is > 100K according to users. Evidently this does not work at all, since it doesn't reduce the database size any and appears to still send them across. My options at the moment appear to be to remove attachme...

clear the list og "open other users folder"
Hi When you use the open an other user folder, it could be a calendar, the persons name and folder is put into a list under the menu File/Open. I would like to clear that numbered list of folders, does anyone know how to do that? thanks, Rikke ...

Macro security setting not stored
Hi, my macro security setting is LOW by default. Whenever I try to change it, the new setting seems not to be stored, because afterwards it's LOW again. I'm running Excel 2003 SP2, but the same problem occurs in Word 2003 SP2. On my private computer at home everythings works well. Any idea why it's not working here in the office? TIA Gary This is one of those settings that is stored in the windows registry. I'm guessing that your IT folks have set you up so that you can't save changes to the registry. I'd talk to your IT help desk and ask. === As a personal note...