Proper rights must be assigned to the account that is entered when the Application Manager prompts for credentials. If these credentials are not properly assigned, you will be prompted to enter alternate credentials before protection can be enabled.
For SharePoint, you should first configure all permissions as described in Application Manager Credentials. In addition, the user must have the same permissions as are required for SQL. For more information, see SQL credentials.
The source SharePoint configuration (for either standalone or farm) has an administrator account that must be specified when you are installing and configuring SharePoint. You will need to use that farm administrator account when logging into the Application Manager (domain\username).
Additionally, the account you use must have local administrator (or equivalent) rights on the following servers:
In order to extend the target web server, you will also need to add the SharePoint administrator account to the local Domain Admin group on the target server before you extend the target web front-end server into the farm.
Next step: Configure SharePoint protection