VisualSVN Repository Configurator is a standalone tool that allows non-administrative users to manage permissions for repositories hosted on VisualSVN Server. Repository Configurator uses WMI (Windows Management Instrumentation) to communicate with a remote VisualSVN Server instance. The WMI technology provides the best level of security but requires additional configuration steps to be taken.
The following main steps are required to allow a user to manage permissions for a particular repository:
- Make the user a supervisor for the particular repository.
- Grant user permissions to access the server remotely using WMI:
- add user to the VisualSVN Repository Supervisors local group;
- add user to the Distributed COM Users local group.
- Check that WMI is allowed in the Windows Firewall.
As a prerequisite, users are required to install VisualSVN Repository Configurator on their computers. Download VisualSVN Repository Configurator at the dedicated download page. Also consider the KB67: Automated deployment of VisualSVN Repository Configurator using Group Policy article.
Make the user a supervisor for the particular repository
The main step is to allow a user to manage permissions for a particular repository hosted in VisualSVN Server. This step can be completed by VisualSVN Server administrator who has access to VisualSVN Server Manager console. In order to grant supervisor access to a particular repository, perform the following steps:
- Start VisualSVN Server Manager.
- Expand Repositories node.
- Right-click the required repository and execute All Tasks | Manage Delegation context menu command.
- Check the Enable repository management delegation checkbox to enable delegation for this repository.
- Click Add... to open Select Users and Groups dialog.
- Select the corresponding Active Directory group or user account and click the OK button.
- Click the Apply button.
Grant permissions to access the server remotely using WMI
Windows Management Instrumentation (WMI) provides an additional security layer that validates each user before the user is allowed to access WMI. You should adjust WMI permissions before a non-administrative user could connect to a VisualSVN Server instance with VisualSVN Repository Configurator.
In order to grant all the required WMI permissions to manage repository permissions on a remote VisualSVN Server instance to a non-administrative user, you should add the user into the following local groups on the computer where VisualSVN Server is installed:
- VisualSVN Repository Supervisors,
- Distributed COM Users.
Check that WMI is allowed in the Windows Firewall
Connecting to WMI remotely requires that you first configure the Windows Firewall on the server to allow this. Windows Firewall configuration should be done locally on the server. You can follow these steps in Windows Server 2008 and newer to allow WMI connections in Windows Firewall:
- Open Control Panel and double-click System and Security.
- Click Windows Firewall.
- Click Allow a program or feature through Windows Firewall.
- Click the Change settings option.
- Select the Windows Management Instrumentation (WMI) checkbox.
- Click OK.
While Windows Firewall can be configured via the Control Panel, you may find it easier to use the the netsh utility at the command prompt. Appropriate command lines are as follows:
- For Windows Server 2008 / 2008 R2 / 2012 (note that command line should
be executed in the elevated command prompt):
netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
- For Windows Server 2003 / 2003 R2:
netsh firewall set service RemoteAdmin enable
See alsoKB65: Troubleshooting VisualSVN Repository Configurator connection failures
KB67: Automated deployment of VisualSVN Repository Configurator using Group Policy