[AG-TECH] Password only Windows node and the remaining problem
randy.groves at boeing.com
Thu Apr 22 18:16:51 CDT 2004
I just got done setting up a node in one of our sites in St. Louis - in an
executive conference room (talk about trepidation!!).
I wanted to make this installation as easy for people to use as possible -
without them having to request their own certificates.
I'm using Windows XP for this box, and I hit upon the following scheme. I
created a local user with admin rights, and installed all the software, set
up whatever other configurations were necessary, and imported the
certificate that I wanted to use for the node. This is a garden variety
user certificate. I tried to use a service cert - to avoid the pass
phrase, but these certs are locked out from the 'Enter' operation on a venue.
Once my configuration is set up, I use the documented method of setting up
a Default User profile (see the How To: Create a Default User Profile in
the MS Knowledge base) to copy this configured user into the Default User area.
Now a user can log into the node with their own user ID, and can operate
the node just by knowing the pass phrase to the certificate.
Not bad - if I don't say so myself.
There is one leetle problem. In order for this to work, all users that log
in must have local admin privileges. I was lucky to have access to an
admin with rights in the several domains that we wanted to include as
Authenticated Users on this box, so now any Boeing user with an account can
use the AG on this node - just by knowing the pass phrase.
I don't know what is causing the local-admin-only issue, but if we could
resolve that, then the potential exists for making this REALLY easy.