Microsoft KB Archive/889645

= You receive a &quot;You do not have the rights to perform this operation&quot; error message when you configure server settings for single sign-on in SharePoint Portal Server 2003 =

Article ID: 889645

Article Last Modified on 12/9/2004

-

APPLIES TO


 * Microsoft Office SharePoint Portal Server 2003

-





SYMPTOMS
You cannot configure single sign-on settings for a server in your server farm deployment of Microsoft Office SharePoint Portal Server 2003. You specify single sign-on settings for the server on the Manage Server Settings for Single Sign-On page of SharePoint Portal Server Central Administration. After you do this, when you click OK, you receive the following error message:

You do not have the rights to perform this operation.



CAUSE
This issue may occur if the user account that the Microsoft Single Sign-On Service is configured to log on as does not have sufficient permissions.



RESOLUTION
To resolve this issue, make sure that the user account that you configure the Microsoft Single Sign-On Service to log on as meets the following requirements:
 * The user account is the same account that is configured as the single sign-on administrator account, or the user account is a member of the group account that is the single sign-on administrator account.
 * The user account is a member of the STS_WPG local group on all servers that are running SharePoint Portal Server 2003 in the server farm.
 * The user account is a member of the SPS_WPG local group on all servers that are running SharePoint Portal Server 2003 in the server farm.
 * The user account is a member of the public database role on the configuration database.
 * The user account is a member of the serveradmin fixed server role in the instance of Microsoft SQL Server where the single sign-on database is located.

Note In a single-server deployment of SharePoint Portal Server 2003, if the Microsoft Single Sign-On Service runs under an account that is a member of the local Administrators group, the user account does not have to be a member of either of the following roles:
 * The public database role
 * The serveradmin fixed server role

However, we recommend that you do not configure the Microsoft Single Sign-On Service to run as a member of the local Administrators group.



MORE INFORMATION
For more information about how to enable, to configure, and to use single sign-on in SharePoint Portal Server 2003, see the &quot;Managing single sign-on and application definitions&quot; section of the &quot;Administration&quot; chapter of the Microsoft Office SharePoint Portal Server 2003 Administration Guide (Administrator's Help.chm). To view the Microsoft Office SharePoint Portal Server 2003 Administration Guide, use one of the following methods:
 * Click Start, point to Programs, point to SharePoint Portal Server, and then click SharePoint Portal Server Administrator's Guide.
 * In the Docs folder in the root of the SharePoint Portal Server 2003 CD, double-click the Administrator's Help.chm file.

Keywords: kberrmsg kbtshoot kbprb kbconfig KB889645

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.