How to Set the Service Connection Point (SCP) Object Permissions

The connector creates a serviceConnectionPoint object when it is started for the first time after installation. When the connector service is started by the Local System account, it has full control over the serviceConnectionPoint object.

If you use an Active Directory account other than the Local System account, the following procedure describes how to add the additional permissions required by that user.

If you change the connector’s account or modify Local System account permissions, be sure to make the same changes on all the connectors you install.

To set the permissions for a Service Connection Point (SCP) object for a selected user account:

  1. Open ADSI Edit and open the Properties for the desired SCP object.

    The service connection is created when the connector is started for the first time. If the connector’s name is

    CN=MachineA,CN=Computers,DC=domain,DC=com

    the SCP object is located in ADSI Edit at the following:

    CN=proxy,CN=MachineA,CN=Computers,DC=domain,DC=com

  2. Select the Security tab and then click Add to add the user account you are using to run theconnector service. Click OK after you add the user account.

  3. Click the user account in Group or User Names and click the Advanced button.

  4. Click user account in the Permission entries tab and click the Edit button.

  5. In the Object tab, click the Allow box for the Write all properties permission.

    The “Apply to” field should be set to This object only. This is often the default. If it is not, use the drop-down list to change it.

  6. Click OK.

  7. Click OK on the succeeding windows to exit ADSI Edit.