The Control Compliance Suite Console is a Windows application that runs on a client computer. The console allows access to the full range of Control Compliance Suite activities. Only users who have been assigned to roles that allow them to work in the console can perform activities in the console.
The computer that hosts the Control Compliance Suite Console and the computer that hosts the Application Server can be in the same domain. If the Console and the Application Server are in different domains, the components can communicate successfully if the domains have a two-way trust relationship. Both domains must be a Windows Server 2003 domain or a Windows Server 2008 domain. In addition, the trust relationship must be set up to use Kerberos authentication instead of the default NTLM authentication. Finally, only constrained delegation is supported. Unconstrained delegation is not supported.
If no trust relationship exists between the domains, you can use the Windows runas command to run the console. When you use the runas command, you supply the alternate credentials that the console uses to connect to the Application Server. To use the runas command, you must have valid credentials for an account in the same domain as the Application Server.
The runas command line should follow the pattern C:\Windows\System32\runas.exe /user:<Domain Name>\<User Name> /netonly C:\Users\<User Name on the local machine or domain>\AppData\Roaming\Symantec\<Application Server Name>\CCS90.exe.