To configure Parallels NetBoot Server, the user performing the configuration and the user account which will be used for running Parallels NetBoot service must have the following privileges:
- Administrator rights on the local computer
- Remote activation permissions
- Read access to SMS Provider
Create a new domain user:
Users who will be configuring Parallels NetBoot Server and running Parallels NetBoot service must be domain users.
To create a domain user:
On a server running Active Directory, open Server Manager by clicking Start > Administrative Tools > Server Manager.
Expand Server Manager > Roles > Active Directory Domain Services > Active Directory Users and Computers >
Right-click on Users and then click New > User.
In the New Object – User dialog, type Full name, User logon name, and then click Next.
Type a password in Password and Confirm password fields and click Next.
- Click Finish.
Local Administrator Rights
Both users (for configuration and running the service) must have administrative rights on the computer where the Parallels NetBoot Server will be installed.
To grant the administrative privileges to a user:
Log into the computer that will run the NetBoot server.
Open Server Manager and navigate to Configuration / Local Users and Groups / Groups.
Right-click the Administrators group and select Properties in the context menu.
- In the Select Users dialog, click Add and add the domain user you've created earlier. Click OK and click OK again.
DCOM Remote Activation Permission
Both users must have the DCOM Remote Activation permission:
On the computer where the SMS Provider is installed, click Start > Administrative Tools > Component Services.
In the Component Services window, navigate to Console Root / Component Services / Computers / My Computer / DCOM Config. Scroll down to Windows Management and Instrumentation, right-click it, and then click Properties in the context menu.
Click the Security tab. The Launch and Activation Permissions section will have either the Use Default or the Customize option selected depending on your server configuration. Set the DCOM Remote Activation permission for the user as follows:
If the Customize option is selected, click the Edit button, then add the user to the list and grant the user the Remote Activation permission.
If the Use Default option is selected, close this window and do the following:
In the Component Services window, navigate to Console Root / Component Services / Computers. Right-click My Computer and click Properties in the context menu.
Click the COM Security tab.
In the Launch and Activation Permissions section, click Edit Default.
- Add the user to the list and grant the user Remote Activation permission.
Read rights in SCCM
The user must have Read-only Analyst rights in Configuration Manager:
Log into the computer running the Configuration Manager console.
In the Configuration Manager console, navigate to Administration / Overview / Security.
Right-click Administrative Users and click Add User or Group in the context menu.
In the Add User or Group dialog, click Browse, find the domain user that you created earlier, and then click OK. The user will appear in the User or group name field in the Add User or Group dialog.
Click the Add... button in the Assigned security roles section.
In the Available security roles list, select Read-only Analyst and click OK.
- Click OK to close the Add User or Group dialog.