Skip to main content

Notifications

Microsoft Dynamics RMS forum

Issues running RMS in a Microsoft Active Directory/Group Policy environment

Posted on by Microsoft Employee

We have encountered permission related issues running RMS in our Microsoft Active Directory/Group Policy environment:

 

Windows XP

 

Store Operations POS will not upload any transactions performed in Offline Mode once it returns to Online Mode unless it is run with administrative privileges.

Changes to the configuration in Store Operations Administrator and Headquarters Manager are only save if it is run with administrative privileges.

 

All users have been given full control in the permissions for the whole Retail Management Systems folder in Program Files, and to the desktop shortcuts.  I have tried running the applications directly from Program Files, desktop and Start Menu.

 

The only solution we have found is the following changes to the registry:

 

Create registry key and users give full permissions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Store Operations POS

Give users full permissions to registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaProperties

Give users full permissions to registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Retail Management System

Give users full permissions to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib

Windows 7

 

No applications will run without administrative privileges.  When GPOs are applied, trying to launch an applications generates the following message:

 

When trying to run these applications without GPOs in place, UAC will prompt for administrator credentials.

 

There is no problem with GPOs or UAC when running the applications as administrator.

 

All users have been given full control in the permissions for the whole Retail Management Systems folder in Program Files, and to the desktop shortcuts.  I have tried running the applications directly from Program Files, desktop and Start Menu.

 

The registry fix for Windows XP does not work with Windows 7.

 

As we are running a standard Microsoft environment, these problems should not exist. 

Is anyone aware of a fix for this?

*This post is locked for comments

  • Re: Issues running RMS in a Microsoft Active Directory/Group Policy environment

    Hello Rod,

    Please take into consideration that giving full control to everyone is not best practices for security nor is it PCI compliant. For more information, please refer to the PCI compliance implementation guide found on CustomerSource:

    Microsoft Dynamics RMS Service Pack 4 Implementation Guide for PCI Compliance

    mbs.microsoft.com/.../Microsoft_Dynamics_RMS_20_SP4_PCI_Implementation_Guide.pdf

    The Set Access Policies section on pages 12-14 contains the details for setting up user accounts for PCI Compliance.

    What I’ve seen that resolves most issues with non-administrator user access is the final subsection, Modify the manifest file for Store Operations POS.

    The manifest file controls the user context that Store Operations POS runs under. To comply with the PCI DSS, you must modify the default setting in this file. The file is named SOPOSUser.exe.manifest, and it is located in the installation folder (by default, C:\Program Files\Microsoft Retail Management System\Store Operations).

    1. Activate and register Store Operations POS, and then close Store Operations POS.

    2. Open the manifest file in Notepad or another text editor.

    3. Change the requestedExecutionLevel parameter to AsInvoker, so that it looks like this:

    <requestedExecutionLevel level="AsInvoker"></requestedExecutionLevel>

    4. Save and close the manifest file.

  • Community Member Profile Picture
    Community Member Microsoft Employee on at
    Re: Issues running RMS in a Microsoft Active Directory/Group Policy environment

    We have this running in domains with group policy on windows 7, We simply gave full control to everyone on this folder in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Retail Management System. We turn off the UAC and set the program to run as adminitrator in security properties of the shortcut. One other thing we do is isntall RMS outside of the program files directory.

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

Quick Links

November Spotlight Star - Khushbu Rajvi

Congratulations to a top community star!

Forum Structure Changes Coming on 11/8!

In our never-ending quest to help the Dynamics 365 Community members get answers faster …

Dynamics 365 Community Platform update – Oct 28

Welcome to the next edition of the Community Platform Update. This is a status …

Leaderboard

#1
André Arnaud de Calavon Profile Picture

André Arnaud de Cal... 290,867 Super User 2024 Season 2

#2
Martin Dráb Profile Picture

Martin Dráb 229,173 Most Valuable Professional

#3
nmaenpaa Profile Picture

nmaenpaa 101,156

Leaderboard

Featured topics

Product updates

Dynamics 365 release plans