Additional configuration steps using operating system tools

1. Add necessary accounts to the user groups

Use Windows Computer Management to add users to the agsusers and agsadmin user groups. ArcGIS Server uses operating system authentication to allow users to connect to ArcGIS Server and to determine if they have administrator-level access to the server.

User accounts that will connect to ArcGIS Server must be members of the agsusers group on the server object manager machine and all server object container machines, or their connections will be denied. Users who are not members of the agsusers group will not be able to connect to ArcGIS Server.

User accounts that will connect to and administer (add, start, stop server objects; add host machines; and so on) the ArcGIS Server must be members of the agsadmin user group. You will not be able to create server objects unless you connect to ArcGIS Server as a user in the agsadmin user group. For example, if the account with which you log in to your computer is mydomain\Bob, and you want to administer ArcGIS Server, you must add mydomain\Bob to the agsadmin user group on all the server machines.

To add users to the agsusers or agsadmin user groups, use Windows Computer Management

1. On the server object manager (SOM), open the Computer Management application:
   • On Windows Server 2003, click Start > Settings > Control Panel > Administrative Tools.
   • On Windows XP, click Start > Control Panel > Administrative Tools.
   • On Windows Vista and Windows 7, click Start > Control Panel (switch to Classic View, if necessary) > Administrative Tools > Computer Management.
   • On Windows Server 2008, click Start > Administrative Tools > Computer Management.
2. In Computer Management, expand System Tools, then Local Users and Groups, then Groups.
3. Right-click the ArcGIS Server administrators group, named agsadmin, and click Properties.
4. On the property page, click Add and, in the dialog box that appears, add your operating system account and any other accounts that you want to grant administrative access to ArcGIS Server. The account you add will be the account that you typically run ArcCatalog from.
5. Repeat steps 1–4 on each container machine.
6. Repeat steps 1–5 for the agsusers group, adding the users to the agsusers group that you want to be able to connect to ArcGIS Server.

Note:

After adding users to the agsusers and agsadmin user groups, you must log off your machine and log back on again for these changes to take effect.

2. Grant the ArcGIS server object container account read and write access to data and output directories

For the ArcGIS Server services to function correctly, the ArcGIS server object container account must have read access to all the maps, locators, and data that you want to serve with MapServer and GeocodeServer objects. If any of your applications modify data, you must grant the ArcGIS server object container account write access to that data.

If your ArcGIS Server configuration has multiple server object container (SOC) machines, both the data and output directories must be visible to all SOC machines. You will need to grant these privileges to the data and output directories and also their shares.