The Control Compliance Suite Console is a Windows application that runs on a client computer. The console allows access to the full range of Control Compliance Suite activities. Only users who have been assigned to roles that allow them to work in the console can perform activities in the console.

The computer that hosts the Control Compliance Suite Console and the computer that hosts the Application Server can be in the same domain. If the computers that host the Console and the Application Server are in different domains and the domains have a two-way trust relationship, the components can successfully communicate. Both domains must be a Windows Server 2003 domain or a Windows Server 2008 domain. In addition, the trust relationship must be set up to use Kerberos authentication instead of the default NTLM authentication. Finally, only constrained delegation is supported. Unconstrained delegation is not supported.

For information on setting up delegation, see the Symantec Control Compliance Suite Installation Guide.

If no trust relationship exists between the domains, you can use the Windows runas command to run the console. When you use the runas command, you supply the alternate credentials that the console uses to connect to the Application Server. To use the runas command, you must have valid credentials for an account in the same domain as the Application Server.

The runas command line should follow the pattern C:\Windows\System32\runas.exe /user:<Domain Name>\<User Name> /netonly C:\Users\<User Name on the local machine or domain>\AppData\Roaming\Symantec\<Application Server Name>\CCS90.exe.