You receive a "You do not have the rights to perform this operation" error message when you configure server settings for single sign-on in SharePoint Portal Server 2003 (889645)


The information in this article applies to:

  • Microsoft Office SharePoint Portal Server 2003

SYMPTOMS

You cannot configure single sign-on settings for a server in your server farm deployment of Microsoft Office SharePoint Portal Server 2003. You specify single sign-on settings for the server on the Manage Server Settings for Single Sign-On page of SharePoint Portal Server Central Administration. After you do this, when you click OK, you receive the following error message:
You do not have the rights to perform this operation.

CAUSE

This issue may occur if the user account that the Microsoft Single Sign-On Service is configured to log on as does not have sufficient permissions.

RESOLUTION

To resolve this issue, make sure that the user account that you configure the Microsoft Single Sign-On Service to log on as meets the following requirements:
  • The user account is the same account that is configured as the single sign-on administrator account, or the user account is a member of the group account that is the single sign-on administrator account.
  • The user account is a member of the STS_WPG local group on all servers that are running SharePoint Portal Server 2003 in the server farm.
  • The user account is a member of the SPS_WPG local group on all servers that are running SharePoint Portal Server 2003 in the server farm.
  • The user account is a member of the public database role on the configuration database.
  • The user account is a member of the serveradmin fixed server role in the instance of Microsoft SQL Server where the single sign-on database is located.
Note In a single-server deployment of SharePoint Portal Server 2003, if the Microsoft Single Sign-On Service runs under an account that is a member of the local Administrators group, the user account does not have to be a member of either of the following roles:
  • The public database role
  • The serveradmin fixed server role
However, we recommend that you do not configure the Microsoft Single Sign-On Service to run as a member of the local Administrators group.

MORE INFORMATION

For more information about how to enable, to configure, and to use single sign-on in SharePoint Portal Server 2003, see the "Managing single sign-on and application definitions" section of the "Administration" chapter of the Microsoft Office SharePoint Portal Server 2003 Administration Guide (Administrator's Help.chm). To view the Microsoft Office SharePoint Portal Server 2003 Administration Guide, use one of the following methods:
  • Click Start, point to Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Administrator's Guide.
  • In the Docs folder in the root of the SharePoint Portal Server 2003 CD, double-click the Administrator's Help.chm file.
Modification Type:MajorLast Reviewed:12/9/2004
Keywords:kbConfig kberrmsg kbprb kbtshoot KB889645 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.