Granting user accounts access to encryption functionality

The Content Manager server uses a .NET encryption key to encrypt sensitive configuration data such as passwords. Any new user account that needs to use this encryption functionality must be granted access to the encryption key.

The following user accounts automatically have access to this encryption key:

  • All Content Manager system accounts, including the Content Manager user account and impersonation user accounts created during installation
  • All user accounts, excluding the database users, for Audience Manager and Outbound E-mail (deprecated)
  • The user account of the user who originally ran the installer

You can use configuration encryption functionality directly if the user account that runs the various SDL Tridion Sites Windows services has not been changed from the defaults. Otherwise (if you run the Windows services as another user), you must grant the new users access to the encryption key as follows:

  1. Log on as the user account of the user who originally ran the installer, or as a user who has been authorized to access the encryption key.
  2. Open a Windows command prompt.
  3. Go to a directory on your machine in which a version of the .NET Framework is installed (a subdirectory of C:\Windows\Microsoft.NET\Framework\ or C:\Windows\Microsoft.NET\Framework64\).
  4. Enter the following command:
    aspnet_regiis -pa "TridionRsaKeyContainer" "<domain>\<account>"

    where <domain> is the domain of this user and <account> is the username of the user.
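
The following PowerShell script is an added example, not part of the product documentation: it runs steps 3 and 4 and then reads back the key container's access control list so you can confirm the grant and review who else can use the key. It assumes Windows PowerShell 5.1 in an elevated session, that the newest installed .NET Framework directory is the one to use, and that TridionRsaKeyContainer is a machine-level key container; the parameter names are illustrative.

```powershell
# Added example: scripts steps 3-4 above, then reads back the key container's ACL.
# Run in elevated Windows PowerShell 5.1 as a user who already has access to the key.
param(
    [Parameter(Mandatory)] [string] $Account,   # '<domain>\<account>' of the new service user
    [string] $Container = 'TridionRsaKeyContainer'
)

# Step 3: find aspnet_regiis.exe. Assumption: use the newest installed framework version.
$root = if ([Environment]::Is64BitOperatingSystem) { 'Framework64' } else { 'Framework' }
$tool = Get-ChildItem "$env:WINDIR\Microsoft.NET\$root\v*\aspnet_regiis.exe" |
    Sort-Object { [version]($_.Directory.Name.TrimStart('v')) } -Descending |
    Select-Object -First 1
if (-not $tool) { throw "aspnet_regiis.exe not found under $env:WINDIR\Microsoft.NET\$root" }

# Resolve the account first so a mistyped name fails here rather than inside the tool.
$sid = ([System.Security.Principal.NTAccount]$Account).Translate(
    [System.Security.Principal.SecurityIdentifier])

# Step 4: grant access. As on the page, -full is omitted, so the grant is read access only.
& $tool.FullName -pa $Container $Account
# Treat a non-zero exit code as failure; the ACL read-back below is the real confirmation.
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis exited with code $LASTEXITCODE" }

# Verify: open the existing container (assumption: machine-level store) and list its ACL.
# UseExistingKey makes this throw instead of creating a key if the container is missing.
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $Container
$csp.Flags = [System.Security.Cryptography.CspProviderFlags]'UseMachineKeyStore, UseExistingKey'
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
try {
    $rules = $rsa.CspKeyContainerInfo.CryptoKeySecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $rules | ForEach-Object {
        $id = $_.IdentityReference
        $name = try { $id.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $id.Value }   # orphaned SID: show it raw
        [pscustomobject]@{ Identity = $name; Rights = $_.CryptoKeyRights; Type = $_.AccessControlType }
    } | Format-Table -AutoSize
    $granted = $rules | Where-Object {
        $_.IdentityReference.Value -eq $sid.Value -and $_.AccessControlType -eq 'Allow' }
    if (-not $granted) { Write-Warning "$Account has no Allow entry on $Container" }
}
finally { $rsa.Dispose() }
```

Review the listed identities after each grant: every account with an Allow entry can use the key that protects the encrypted configuration values. Access that is no longer needed can be revoked with the tool's -pr switch.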