We have encountered permission related issues running RMS in our Microsoft Active Directory/Group Policy environment:
Windows XP
Store Operations POS will not upload any transactions performed in Offline Mode once it returns to Online Mode unless it is run with administrative privileges.
Changes to the configuration in Store Operations Administrator and Headquarters Manager are only save if it is run with administrative privileges.
All users have been given full control in the permissions for the whole Retail Management Systems folder in Program Files, and to the desktop shortcuts. I have tried running the applications directly from Program Files, desktop and Start Menu.
The only solution we have found is the following changes to the registry:
Create registry key and users give full permissions HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Store Operations POS
Give users full permissions to registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaProperties
Give users full permissions to registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Retail Management System
Give users full permissions to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Client\SuperSocketNetLib
Windows 7
No applications will run without administrative privileges. When GPOs are applied, trying to launch an applications generates the following message:
When trying to run these applications without GPOs in place, UAC will prompt for administrator credentials.
There is no problem with GPOs or UAC when running the applications as administrator.
All users have been given full control in the permissions for the whole Retail Management Systems folder in Program Files, and to the desktop shortcuts. I have tried running the applications directly from Program Files, desktop and Start Menu.
The registry fix for Windows XP does not work with Windows 7.
As we are running a standard Microsoft environment, these problems should not exist.
Is anyone aware of a fix for this?
*This post is locked for comments
Hello Rod,
Please take into consideration that giving full control to everyone is not best practices for security nor is it PCI compliant. For more information, please refer to the PCI compliance implementation guide found on CustomerSource:
Microsoft Dynamics RMS Service Pack 4 Implementation Guide for PCI Compliance
mbs.microsoft.com/.../Microsoft_Dynamics_RMS_20_SP4_PCI_Implementation_Guide.pdf
The Set Access Policies section on pages 12-14 contains the details for setting up user accounts for PCI Compliance.
What I’ve seen that resolves most issues with non-administrator user access is the final subsection, Modify the manifest file for Store Operations POS.
The manifest file controls the user context that Store Operations POS runs under. To comply with the PCI DSS, you must modify the default setting in this file. The file is named SOPOSUser.exe.manifest, and it is located in the installation folder (by default, C:\Program Files\Microsoft Retail Management System\Store Operations).
1. Activate and register Store Operations POS, and then close Store Operations POS.
2. Open the manifest file in Notepad or another text editor.
3. Change the requestedExecutionLevel parameter to AsInvoker, so that it looks like this:
<requestedExecutionLevel level="AsInvoker"></requestedExecutionLevel>
4. Save and close the manifest file.
We have this running in domains with group policy on windows 7, We simply gave full control to everyone on this folder in the registry HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Retail Management System. We turn off the UAC and set the program to run as adminitrator in security properties of the shortcut. One other thing we do is isntall RMS outside of the program files directory.
Stay up to date on forum activity by subscribing. You can also customize your in-app and email Notification settings across all subscriptions.
André Arnaud de Cal... 290,867 Super User 2024 Season 2
Martin Dráb 229,173 Most Valuable Professional
nmaenpaa 101,156