NT LAN Manager Notes

The directions in this topic apply to administrators who wish to enable Analytic Services to use external authentication of users in a Windows NT LAN Manager (NTLM) domain. This topic contains the following sections:

Setting Up User Rights for NT LAN Manager

To enable use of the NT LAN Manager provider, certain access rights are required of the Windows NT user account on which the Analytic Server or client runs.

Note: Make sure you set up these rights on the machine on which Analytic Services runs, rather than on the NT domain machine.

Additionally, certain access rights are required for end users. The following access rights are required for external authentication to work with an NT LAN Manager provider:

Setting Up User Rights on Windows NT
Setting Up User Rights on Windows 2000

Setting Up User Rights on Windows NT

  1. From the Start Menu, select Programs > Administrative Tools (Common) > User Manager.


  2. In the User Manager dialog box, select the appropriate user name.


  3. Select Policies > User Rights. The User Rights Policy dialog box is displayed.


  4. From the Right drop-down list box, select Access this computer from network.

    The users or groups who have the selected policy setting are shown in the Grant To list box. If the appropriate user is shown in this list box, click Cancel and skip to step 6.

  5. To grant the selected right, click Add, and complete the Add Users and Groups dialog box.


  6. In the User Rights Policy dialog box, check Show Advanced User Rights.


  7. From the Right drop-down list box, select Act as part of the operating system.

    The users or groups who have the selected policy setting are shown in the Grant To list box. If the appropriate user is shown in the Grant To list box, click Cancel and skip the rest of this procedure.

  8. To grant the selected right, click Add, and complete the Add Users and Groups dialog box.

Setting Up User Rights on Windows 2000

  1. From the Start Menu, select Settings > Control Panel > Administrative Tools > Local Security Policy.

    The Local Security Settings dialog box is displayed.

  2. In the left-pane tree of the Local Security Settings dialog box, expand the folder named Local Policies.


  3. Click the folder named User Rights Assignment, and, in the right area of the dialog box, double-click the policy named Access this computer from the network.

    The Local Security Policy Setting dialog box for the Access this computer from the network policy is displayed.

  4. If the relevant user account has the policy checked, click Cancel and skip to step 9.


  5. Click Add.
  6. Select the name of the appropriate user or group needing the right.


  7. Click Add.


  8. Click OK.


  9. In the right pane of the dialog box, double-click the policy named Act as part of the operating system.

    The Local Security Policy Setting dialog box for the Act as part of the operating system policy is displayed.

  10. If the relevant user account has the policy checked, click Cancel and skip the rest of this procedure.


  11. Click Add.


  12. Select the name of the appropriate user or group needing the right.


  13. Click Add.


  14. Click OK.

UNIX Application Support for NT LAN Manager

If you are implementing external authentication with an NT LAN Manager provider and wish to support the use of a UNIX machine for the client application, you must also ensure that the Hyperion Remote Authentication Module is installed on a Windows NT/2000 server. The installation program is available on the Hyperion Download Center. Download and read the installation and setup instructions provided with the Hyperion Remote Authentication Module on the Hyperion Download Center.

Multiple-Domain Support for NT LAN Manager

In addition to UNIX application support, the Hyperion Remote Authentication Module also enables a Hyperion application to authenticate users belonging to other domains that are not trusted by the domain on which the Hyperion application is installed. This removes the necessity to establish trust relationships between the domains.

Therefore, installing the Hyperion Remote Authentication Module can be useful to both of the following groups:

To provide support for NTLM authentication using multiple Windows domains, install the Hyperion Remote Authentication Module. The installation program is available on the Hyperion Download Center. Download and read the installation and setup instructions provided on the Hyperion Download Center.

©2004 Hyperion Solutions Corporation. All Rights Reserved.
http://www.hyperion.com