[AG-TECH] Password only Windows node and the remaining problem

Randy Groves randy.groves at boeing.com
Thu Apr 22 18:16:51 CDT 2004


I just got done setting up a node in one of our sites in St. Louis - in an 
executive conference room (talk about trepidation!!).

I wanted to make this installation as easy for people to use as possible - 
without them having to request their own certificates.

I'm using Windows XP for this box, and I hit upon the following scheme.  I 
created a local user with admin rights, and installed all the software, set 
up whatever other configurations were necessary, and imported the 
certificate that I wanted to use for the node.  This is a garden variety 
user certificate.  I tried to use a service cert - to avoid the pass 
phrase, but these certs are locked out from the 'Enter' operation on a venue.

Once my configuration is set up, I use the documented method of setting up 
a Default User profile (see the How To: Create a Default User Profile in 
the MS Knowledge base) to copy this configured user into the Default User area.

Now a user can log into the node with their own user ID, and can operate 
the node just by knowing the pass phrase to the certificate.

Not bad - if I don't say so myself.

There is one leetle problem.  In order for this to work, all users that log 
in must have local admin privileges.  I was lucky to have access to an 
admin with rights in the several domains that we wanted to include as 
Authenticated Users on this box, so now any Boeing user with an account can 
use the AG on this node - just by knowing the pass phrase.

I don't know what is causing the local-admin-only issue, but if we could 
resolve that, then the potential exists for making this REALLY easy.

(Bug 913)

-randy




