Web Server:

1. The VSS*net server side is implemented as a web service.  You will need to install the dotNet runtime on an IIS5+ server before installing the server components.
2. If you are installing the server on a computer that also functions as a Domain Controller, read this article .
3. Once the dotNet runtime has been installed, run the server installation.  The installation will create the web application for the VSS.net server to run on.  The following instructions are the steps you must follow to configure the site and the server so that it will run properly.
4. Set the site up so that it uses Anonymous authentication only .
5. If Visual Source Safe(VSS) has not been installed on the web server yet, install VSS.  If the web server will double as the VSS server install both the server and client sides of VSS.  If the VSS server will reside on a separate computer, you only need to install the VSS client.  The client will need to be installed on each webserver that is part of the web farm if you are using a web farm for your web server.
6. Create a new NT user account named VSSServer that will access VSS.net.  If you have a domain controller, you'll just need to create the user once for the domain.  If not, each computer involved: the VSS server as well as each web server will need to have a local user created with the exact same name and password. You can use a different username and password, but you will need to modify the web.config file's impersonation to reflect the different name.  Also, any other place in this documentation where we mention the VSSServer user, you will need to use your user name in it's place.
7. If you are not going to use the VSSServer name for the VSSServer user, make sure you add a line to your web.config file in the appSettings section that will tell the application who the VSSServer user is.
   <add key="VSSServer" value= "new VSSServer username goes here" />
8. Add the VSSServer user to the list of allowed users of the c:\WinNT\Microsoft.net directory and give the group "Full Control" access to the directory.  Allow the permissions to propagate through to all the sub directories.
9. Find the directory where VSS is installed (Typically c:\Program Files\Microsoft Visual Studio\Common\VSS) and grant the VSSServer user full rights to the VSS directory and below using a process similar to 4. above.
10. In the web.config file, scroll to the bottom where the appSettings section is.  Here you will add a key for each vss database you want your clients to be able to access .
11. For each database, add a key of the format:
        <add key="DatabaseList.databaseName" value="databasePath"/>
    
    where databaseName is a unique name for the database and databasePath is the path to the vss database directory.  The database path MUST have a trailing back slash.
12. On Windows 2000 only, give the ASPNET account "Act as part of the operating system" rights.
    1.  Navigate to "Start" > "Settings" > "Control Panel"
    2.  Double click "Administrative Tools"
    3.  Double click "Local Security Policy"
    4.  Expand the tree to "Security Settings" > "Local Policies" > "User Rights Assignment"
    5.  Double click "Act as part of the operating system" in the list on the right.
    6.  Click the "Add..." button.
    7.  Find the user named "ASPNET", select the user and press the "Add" button.
    8.  Click the OK button to exit the dialog.
    9.  Click the OK button to exit the "Local Security Policy Setting" dialog.
    10.  Reboot Windows 2000.

• You may need to run the application in this zip file.  If you are having trouble getting the server side working.  For example, it won't let you log in, try running this executable on the server as an administrator.

COM+ vs ASPNET User

Because of a recent change in the way .NET handles security with COM objects, you will either need to grant the ASPNET user account the same rights as the VSSServer user OR you will need to install the VSS Automation object into COM+ and configure it to run impersonating VSSServer.  The COM+ installation is the preferred method.

• In the control panel under "Administrative Services" location the icon named "Component Services" and double click it.
• Expand the "Component Services" node all the way down to "COM+ Applications."
• Right click "Component Services" and select "New" > "Application" from the menu.
• Use the wizard to create an empty application.  Give it whatever name you like and select the "Server application" radio button.
• Use VSSServer username and password to have the applicatoin run as the VSSServer user.
• Expand the newly created application and right click "Components"
• Select "New" > "Component" off the menu.  Use the wizard and select the button "Import component(s) that are already registered."
• Select the component "SourceSafe.0"

On the VSS server.

1. If you don't have a domain controller , make sure that you replicate the user from above.
2. Make the VSS database directory (the directory the srcsafe.ini file is located in) available via a share and grant full access to the directory to the VSSServer user.
3. Create a user in each VSS database named VSSServer and give that user ReadOnly rights.  It is best if you do not set a password for this user.  Because we are setting this user as Read Only, anyone who does happen to get into VSS using this account will only be able to see that the files exist but will not be able to retrieve them.