Granting users access to encryption functionality

The Content Manager uses a .NET encryption key to encrypt sensitive configuration data such as passwords. Any new user account that needs to use this encryption functionality must be granted access to the encryption key.

The following user accounts automatically have access to this encryption key:

  • All Content Manager system accounts, including the Content Manager user account and impersonation user accounts created during installation.
  • All Audience Manager and Outbound E-mail user accounts, excluding the database users.
  • The user account of the user who originally ran the installer.

You can use configuration encryption functionality directly if the user account running the SDL Tridion MMC Snap-in configuration tool is the same user account that originally ran the installer, and if the user account running the various SDL Tridion Windows services has not been changed from the defaults. Otherwise (if you run the snap-in and/or Windows services as another user), you must grant new users access to the encryption key as follows:

  1. Log on as the user account of the user who originally ran the installer, or as a user who has been authorized to access the encryption key.
  2. Open a Windows command prompt.
  3. Go to a directory on your machine in which a version of the .NET Framework is installed (a subdirectory of C:\Windows\Microsoft.NET\Framework\ or C:\Windows\Microsoft.NET\Framework64\).
  4. Enter the following command:

    aspnet_regiis -pa "TridionRsaKeyContainer" "<domain>\<account>"

    where <domain> is the domain of this user and <account> is the username of the user.
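The procedure above can be scripted and then checked by reading the ACL on the key container file. The following PowerShell is an added example, not part of the original documentation. It assumes a hypothetical account name, the 64-bit v4.0.30319 framework directory, and the default machine key store location under %ProgramData%.

```powershell
# Added example: run as the installer account or another account that already
# has access to the key container (step 1 of the procedure).
$container = 'TridionRsaKeyContainer'     # container name from the procedure
$account   = 'EXAMPLE\svc-tridion'        # hypothetical <domain>\<account>
# Assumed framework directory; adjust to the version installed on the machine.
$regiis = Join-Path $env:WINDIR 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
if (-not (Test-Path $regiis)) { throw "aspnet_regiis.exe not found at $regiis" }

# Step 4: without the -full modifier, -pa grants read-only access to the key.
& $regiis -pa $container $account
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis -pa failed (exit code $LASTEXITCODE)" }

# Open the existing machine-level container. UseExistingKey makes this fail
# rather than silently create an empty container if the name is mistyped.
$flags = [System.Security.Cryptography.CspProviderFlags]
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = $container
$csp.Flags = $flags::UseMachineKeyStore -bor $flags::UseExistingKey
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList $csp
try {
    $rsa.PersistKeyInCsp = $true          # never delete the key when disposing
    $keyFile = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
} finally {
    $rsa.Dispose()
}

# Machine RSA key containers are files whose NTFS ACL controls who can read the key.
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyFile"
$rules = (Get-Acl -Path $keyPath).Access

# List every identity that can reach the key, so unexpected entries stand out.
$rules | Format-Table IdentityReference, FileSystemRights, AccessControlType -AutoSize

# Confirm the account just granted access has an Allow entry.
$granted = $rules | Where-Object {
    $_.IdentityReference.Value -ieq $account -and $_.AccessControlType -eq 'Allow'
}
if (-not $granted) { throw "No Allow entry for $account on $keyPath" }
"Verified: $account has $($granted.FileSystemRights -join ', ') on $container"
```

Reviewing the full ACL listing after each grant keeps the set of accounts that can decrypt the configuration limited to the ones that actually run the snap-in or the services.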