To complete this walkthrough, you need three computers that are configured as described in the introduction.

For information on installing Microsoft SQL Server, see Installation Considerations for Microsoft SQL Server. (Specific SQL Server configuration issues are, however, covered at the appropriate location in the walkthrough.)

For more information about configuring these computers according to Microsoft Dynamics NAV 2009 security best practices, see the Microsoft Dynamics NAV 2009 Security Hardening Guide.

You must also have the setspn command-line tool installed on your server. In Windows Server 2008, the setspn tool is included if you have installed the Active Directory Domain Services server role. In Windows Server 2003, you must download the Windows Server 2003 Service Pack 2 32-bit Support Tools to get the setspn tool.

1. Insert the Microsoft Dynamics NAV 2009 DVD in the drive of NAVSQL, which is the server where SQL Server is already installed.

2. On the startup page, under Install, click Microsoft Dynamics NAV.

3. On the Welcome page, click Next.

4. To accept the license terms, click I accept.

5. On the Microsoft Dynamics NAV 2009 Installer page, click Choose an installation option.

6. On the Choose an installation option page, click Database Components.

   The demo database is included as part of this option.

7. On the Specify parameters page, click Install.

8. After the installation is complete, click Close to exit Setup.

1. Insert the Microsoft Dynamics NAV DVD into the drive of NAVSERV.

2. On the startup page, under Install, click Microsoft Dynamics NAV.

3. On the Welcome page, click Next.

4. To accept the license terms, click I accept.

5. On the Microsoft Dynamics NAV 2009 Installer page, click Choose an installation option.

6. On the Choose an installation option page, click Server.

7. On the Specify parameters page, click Server to open the Installation Parameters pane.

8. In the SQL Server field, type NAVSQL, which is the name of the computer running SQL Server.

9. In the SQL Database field, type Demo Database NAV (6-0).

   This is the Microsoft Dynamics NAV demo database, which contains the CRONUS International, Ltd., demonstration company.

10. Click Apply to save the Microsoft Dynamics NAV Server settings.

11. Click Install to start installing software.

12. After the installation is complete, click Close to exit Setup.

After you create the domain user account, you must verify that the Domain Functional Level or your domain is at least Windows Server 2003 level.

Caution
Do not raise the domain functional level if you have or will have any Microsoft Windows NT 4.0 or earlier domain controllers. As soon as the domain functional level is raised to Windows 2000 native or Windows Server 2003, it cannot be changed back to a Windows 2000 mixed domain.

To determine if the functional level of your domain is at least Windows Server 2003 level and to raise it if it is not, follow these steps:

1. Choose Run from the Start menu in Windows, type dsa.msc, and then press ENTER.

   This opens the Active Directory Users and Computers utility. This utility is part of Windows Server 2003 or Windows Server 2008.

2. Right-click the domain where Microsoft Dynamics NAV is installed, and then click Raise Domain Functional Level.

   If the level is at least Windows Server 2003, then you can close the utility. Otherwise, continue to the final step.

3. Under Select an available domain functional level, click Windows Server 2003, and then click Raise.

Change the logon account for the Microsoft Dynamics NAV Server service and the SQL Server service to use your domain user account. For information about how to configure Windows Services, see How to: Configure Windows Services.

Note
As described in How to: Configure Windows Services, you should actually use different tools to configure the respective services: use the Service tool from Windows Control Panel for the Microsoft Dynamics NAV Server service, and use the SQL Server Configuration Manager tool for the SQL Server service. This assures that that permissions required for the SQL Server service account are granted.

1. Open SQL Server Management Studio, and then connect to your SQL Server instance.

2. On the File menu, point to New, and then click Query with Current Connection.

3. Type the following SQL statements.

   	Copy Code
   USE MASTER CREATE LOGIN [ReplaceWithNAVServerAccount] FROM WINDOWS; GO

4. Highlight the lines that you typed, and then on the Query menu, click Execute.

5. Type these lines after the existing lines.

   	Copy Code
   USE [ReplaceWithYourDatabaseName] CREATE USER [ReplaceWithNAVServerAccount] FOR LOGIN [ReplaceWithNAVServerAccount];

6. Highlight the lines that you just typed, and then on the Query menu, click Execute.

7. Type these lines after the existing lines.

   	Copy Code
   CREATE SCHEMA [$ndo$navlistener] AUTHORIZATION [ReplaceWithNAVServerAccount]; GO

8. Highlight the lines that you just typed, and then on the Query menu, click Execute.

   You may see an error stating that the schema in question already exists. You can ignore this error.

9. Type these lines after the existing lines.

   	Copy Code
   ALTER USER [ReplaceWithNAVServerAccount] WITH DEFAULT_SCHEMA = [$ndo$navlistener]; GRANT SELECT ON [Object Tracking] TO [ReplaceWithNAVServerAccount]; GO

10. Highlight the lines that you just typed, and then on the Query menu, click Execute.

    Note
    The Object Tracking table name may be in a different language than English. If it is, then replace "Object Tracking" with the actual table name from your database.

11. Save your query to keep a record of these actions.

    You can use these commands again when you create a new database or change the account that you use to run Microsoft Dynamics NAV Server.

1. In Windows Explorer, navigate to the Microsoft Dynamics NAV Server folder on the computer where you have installed Microsoft Dynamics NAV Server. On Windows Server 2003, the default location is:

   Documents and Settings\All Users\Application Data\Microsoft\Microsoft Dynamics NAV\60

   On Windows Server 2008 or Windows Vista, the default location is:

   ProgramData\Microsoft\Microsoft Dynamics NAV\60\

2. Right-click the Service folder, and then click Properties to open the Service Properties dialog box.

3. Click the Security tab.

4. Select the domain user account from the list in the top half of the dialog box, and then, in the Permissions for section in the bottom half, select Allow next to the Full Control permission.

   This grants the domain user account full control of the folder.

5. Select the NETWORK SERVICE account in the top half, and then clear the Allow field next to the Full control permission in the bottom half.

   This revokes permissions on the folder for the Network Service account. No account other than your domain user account should have access to the server folder.

6. Click OK to close the Service Properties dialog box.

1. Insert the Microsoft Dynamics NAV DVD into the drive of NAVCLIENT, which is your Microsoft Dynamics NAV client computer.

2. On the startup page, under Install, click Microsoft Dynamics NAV.

3. On the Welcome page, click Next.

4. To accept the license terms, click I accept.

5. On the Microsoft Dynamics NAV 2009 Installer page, click Choose an installation option.

6. On the Choose an installation option page, click Client to install the RoleTailored client.

7. On the Specify parameters page, click RoleTailored client to configure the component.

8. In the Installation Parameters dialog box, type NAVSERV, which is the name of the computer running Microsoft Dynamics NAV Server, in the Server Name field.

   You should fully qualify the domain name in this field (in the form YourServer.YourDomain.YourCompany.com).

9. Click Apply, and then click Apply on the Specify parameters page to start installing software.

10. After installation is complete, click Close to exit.

The first step in setting up delegation is to create service principal names (SPN). To make delegation more secure, Active Directory uses Kerberos to authenticate services. An SPN is the name by which a client uniquely identifies an instance of a service, using the account under which the service runs. You must create one SPN for the Microsoft Dynamics NAV Server service and one SPN for the SQL Server service to make delegation work.

To create service principal names

Configuring delegation means explicitly configuring the Microsoft Dynamics NAV Server service on NAVSERV to delegate its access to the database server on behalf of the RoleTailored client. To make the access more secure, you specify delegation to a specific service on a specific server. In this walkthrough, you specify delegation on the SQL Server database service (MSSQLSERVER). This is known as constrained delegation.

You must run the following procedure on a computer where the Active Directory Users and Computers utility (dsa.msc) is available.

To delegate access to the SQL Server service

Delegation from the domain user to the SQL Server service on a separate computer is now enabled.