First, use an existing Windows account or create a new Windows account for the Vault Shadow Folder Service to use.
Use local security policies on the Vault Server machine to give the Windows account the following privileges:
Access this computer from the network
Log on as a batch job.
Log on as a service
(Allow) Log on Locally
Then modify the web.config file in the VaultShadowFolder directory (within the Vault Service directory)
Uncomment out this line, and add the domain account and password information:
Code: Select all
<!-- IDENTITY / IMPERSONATION SETTINGS Controls the application identity of the Web application impersonate Specifies whether client impersonation is used on each request. true - Specifies that client impersonation is used. false - Specifies that client impersonation is not used. userName - Specifies the user name to use if impersonate is set to true. password -Specifies the password to use if impersonate is set to true. --> <!-- identity impersonate="true" userName="DOMAINorMACHINE\WINDOWSACCT" password="plaintext_pwd"/>-->
The following permissions must be added to the permissions on the following folders on the Vault Server machine for the impersonated account:
FULL CONTROL - %WINDIR%\Microsoft.NET\Framework\<version>\Temporary ASP.NET Files
READ - .Net Framework hierarchy (%WINDIR%\Microsoft.NET\Framework\v2.0.50727)
READ - %WINDIR%\assembly*
FULL CONTROL - %SYSTEMDRIVE%\Inetpub\wwwroot\VaultService
FULL CONTROL - %SYSTEMDRIVE%\Inetpub\wwwroot\VaultService\VaultShadowFolder
READ / WRITE / MODIFY - %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\RSA\MachineKeys
*This is the global assembly cache. You cannot directly use Windows Explorer to edit ACLs for this folder. Instead, use a command Windows and run the following command: "cacls %windir%\assembly /e /t /p domain\useraccount:R"
Create the shadow folder on the other machine in your workgroup and give your Windows account (machinename\username) Full Control over it. You can also share that folder.
Finally in the Vault Admin Client set up the shadow folder. This setting is in the Admin Web Client under Source Control Repositories->(Repository name)->Shadow Folders. You would add the repository folder name plus the UNC path to the shadow folder.