Kbase P6373: How do I start a Ubroker Process in Windows under a different user account?
Author: Progress Software Corporation - Progress
Access: Public
Published: 09/09/2008
Status: Verified
GOAL:
How do I start a Ubroker Process on Windows under a different user account?
GOAL:
How do I start an AppServer Broker under a different user account?
GOAL:
How do I start a Sonic4GL Adapter under a different user account?
GOAL:
How do I start a WebSpeed Broker under a different user account?
GOAL:
How do I configure Progress to have ubroker start under a different user?
GOAL:
How do I define an owner for webspeed broker?
GOAL:
Permissions for starting webspeed under different owner
FACT(s) (Environment):
Progress 9.x
OpenEdge 10.x
Windows NT 32 Intel/Windows 2000
FIX:
In some situations it may be necessary to have a broker process start under a different account than the AdminServer. This is most likely under Windows NT, Windows 2000 or Windows XP in cases where the AdminServer is started by the LocalSystem Account which doesn't normally have rights to any network resources.
By having the broker start under a different user identity it may be possible to have the broker or its child processes communicate through the network without impediment. On Windows (Windows NT, Windows 2000, and Windows XP), a broker can be launched as a different user than the AdminServer by modifying the ubroker.properties file.
Within the specific broker (WebSpeed, AppServer, etc.) section there is an entry for userName.
userName OPTIONAL
Defines a valid user account. It is possible to run a broker under a different user account. By default a broker will run under the System Account (also known as LocalSystem).
The value of userName has 3 formats:
1. user_name = defines an Administrator on the local machine.
2. .\user_name = same as option 1, with explicit reference to the local machine.
3. domain\user = A user on a specified domain.
Example:
[UBroker.AS.asbroker1]
appserviceNameList=asbroker1
brokerLogFile=@{WorkPath}\asbroker1.broker.log
controllingNameServer=NS1
defaultService=1
description=A sample AppServer setup for State-reset
environment=asbroker1
password=
portNumber=3090
srvrLogFile=@{WorkPath}\asbroker1.server.log
userName=mytestaccount
uuid=932.99.999.XXX:1ee77e:cf3bbe3d33:-8000
In this example userName is set to mytestaccount.
password OPTIONAL
Specifies the encrypted password of the userName property. If userName is set, then password is required. Its value is an encrypted form of the user account's password. This property is automatically encrypted by the Progress Explorer. If you manually add broker definitions, you can generate an encrypted password using the following command:
[Install-dir]\bin\genpassword -password users_password
where: "users_password" is the clear text password for the userName account.
You can then cut and paste the value into password=
Default: (none)
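The following check is an added example, not part of the original article or of any Progress tooling. It reads a ubroker.properties-style file, lists every broker section that has userName set, classifies the value into one of the three formats above, and flags sections where password is empty even though userName is set. The sample sections, account names, the password placeholder, and the treatment of "#" as a comment marker are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of the article's example; the account names
# and the password placeholder are made up for illustration.
SAMPLE = r"""
[UBroker.AS.asbroker1]
userName=mytestaccount
password=
[UBroker.WS.wsbroker1]
userName=CORP\svc_webspeed
password=ENCRYPTED-VALUE-PLACEHOLDER
[UBroker.AS.asbroker2]
userName=.\localsvc
password=ENCRYPTED-VALUE-PLACEHOLDER
[UBroker.WS.wsbroker2]
portNumber=3055
"""

def parse_sections(text):
    """Return {section: {key: value}} for a [section] / key=value file."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def classify_user(user_name):
    """Map a userName value to one of the three formats the article lists."""
    if user_name.startswith(".\\"):
        return "local-explicit"
    return "domain" if "\\" in user_name else "local"

def audit(text):
    """Report brokers with userName set; flag those with an empty password."""
    findings = []
    for broker, props in parse_sections(text).items():
        user = props.get("userName", "")
        if user:  # an unset userName means the default System Account
            findings.append((broker, user, classify_user(user),
                             not props.get("password", "")))
    return findings

if __name__ == "__main__":
    for broker, user, kind, missing in audit(SAMPLE):
        print(f"{broker}: {user} ({kind}) password_missing={missing}")
```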
From Progress Explorer, the user account is set at broker -> properties -> Owner information screen.
To run the broker under a different user account, the user must have administrator privileges AND 'Logon as batch' enabled. See the User Manager->User Rights options.
Some extra privileges are required for the specified user before you start the broker using that specific account:
- Administrator.
- Log on as a service.
- Log on as batch job.
- Act as part of the operating system.
- Increase quotas.
- Create a token object.
- Replace a process level token.
The "Increase quotas" right has been replaced by "Adjust memory quotas for a process" on XP and 2003.
For specifics on how to set user rights on Windows, please reference Progress solution 19244, How To configure windows to Start A Broker Under a Windows User?