FIM 2010 R2: BHOLD Core root account is used for BHOLD FIM Integration

  • Article

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Forefront Identity Manager 2010 R2 Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Product

Forefront Identity Manager 2010 R2

Feature

BHOLD

Operating System

Windows Server 2008 R2

Severity

Error

Category

Configuration

Issue

The BHOLD Core root account is also being used by BHOLD FIM Integration to connect to FIM or BHOLD Core.

The BHOLD Core root account is also being used as the service account in BHOLD FIM Integration. By default, the BHOLD Core root account is the account of the user who installed BHOLD Core.

Impact

Using the BHOLD Core root account in BHOLD FIM Integration introduces the risk of rights elevation, compromising the security of FIM and BHOLD.

Resolution

Create a separate account for use by BHOLD FIM Integration and then reinstall BHOLD FIM Integration.

After creating and configuring the BHOLD FIM Integration service account, you must uninstall BHOLD FIM Integration and then reinstall it, specifying the new account.

To uninstall BHOLD FIM Integration

  1. On the BHOLD FIM Integration server, click Start, click Control Panel, and then under Programs, click Uninstall a program.

  2. Right-click Microsoft BHOLD Suite - FIM Integration, click Uninstall, and then click Yes.

To install BHOLD FIM Integration, follow the instructions in BHOLD FIM Integration Installation (https://technet.microsoft.com/en-us/library/jj134093(v=ws.10)), noting the requirements for the accounts specified in Connect to Forefront and Connect to BHOLD Core.

Additional references

For more information, see Microsoft BHOLD Suite Installation Guide (https://technet.microsoft.com/en-us/library/jj134107(v=ws.10)).