Installation guide
n Discovery_Files: Provides access to text files that are used to discover or add machines manually.
n ERD_Extracts: Provides access to the default directory that contains extracted emergency repair disk
files. Backing up registry files requires the SE_BACKUP_NAME user right.
n Exported Reports: Allows access to the exported reports.
n File_Upload_Extracts: Allows access to the extracted copies of files uploaded from VCM.
n HistoryCache: Provides access to report history files.
n ImportedSRSReports: Allows access to SQL Server Reporting Service (SSRS) reports that are
imported into VCM.
n Remote_Command_Files: Provides access to the Windows remote command files that are required to
run remote commands in VCM.
n Reports: Provides access to VCM reports, which include AD, UNIX, Licensing, Provisioning, VCM
Patching, Virtualization, and so on.
n SCAP: Provides access to the SCAP import and export files used to assess your managed machines
against SCAP benchmarks.
n SUM Downloads: Provides access to patch files to patch managed machines. The service account user,
or a group to which this user belongs, must have write permission to this directory, or the user must
have Administrative privileges to this directory. If the service account does not have Administrator
privileges to use VCM Patching to deploy patches, the system Administrator must modify the file
permissions.
n SUM_Input: Provides access to text files that are used to create new imported templates to patch
managed machines.
n UNIX_Remote_Command_Files: Provides access to the UNIX remote command files that are required
to run remote commands in VCM.
Change Permissions On Machine Certificate Keys
If you plan to use certificate keys generated by Installation Manager for HTTP communication between
the VCM Collector and the VCM Agents on managed machines, you must review your security policy.
You can change the permissions on the certificate key to allow the Administrators group to have full
control after you install VCM.
The Foundation Checker system check reports a warning message about the security policy used to create
new objects. The security policy sets the permission on new files to the Administrators group instead of
the creator of the object. The system check does not stop the installation process, but instead creates a
certificate and associated cryptographic keys.
If the security policy is not set appropriately when Installation Manager generates the certificate, the
certificate private key is not accessible to other members of the Administrators group and causes HTTP
communication with the Agents to fail.
The TLS certificate private key to be generated on the Windows machine must have permissions that
include the Administrators group as the owner or as having full control. You cannot resolve this warning
before you install VCM. If an error occurs, after installation, you must either change the group policy so
that new files are assigned to the Administrators group and run Installation Manager again, or add the
Administrators group with full control to the generated certificate key file in the Machine Keys folder.
Prerequisites
n Install VCM. See "Installing VCM" on page115.
vCenter Configuration Manager Advanced Installation Guide
118
VMware, Inc.