Resetting the standard logon

It is possible to convert the CMS or CPA servers in an existing CPS installation to use integrated logons.

When running in integrated logon mode the CMS and CPA servers no longer provide database credentials when connecting to their respective databases. This is because access has been granted to the account under whose context the services are running. This provides an added level of security to your installation.

Integrated logons cannot be enabled on systems that were installed in non-secure mode. The CMS or CPA service’s log on or run as account must be set to a domain account and not the local system or a local system account.

All CMS and CPA servers may have integrated logons enabled by running the SetIntegratedLogin utility. This must be done for each server, and one server at a time. If integrated logons is enabled on a combined CMS/CPA server, it is enabled for both services at the same time. Enabling integrated logons requires restarting the affected CPS services.

After integrated logons have been enabled, it is possible to reset standard logons, again using the SetIntegratedLogin utility. This results in a server running in the same configuration as it was after installation. This is required if the “log on” account name is changed for any CMS or CPA service for whom integrated logons has been enabled.

The SetIntegratedLogin utility is run from the CPS Utilities command line prompt.

Note:

It is necessary to run SetIntegratedLogin only if the services run as account name is changed, not the run as password.

To reset the standard logon:

  1. Run SetIntegratedLogin to reset the standard logons.

  2. Change the services in question to the run-as account name.

  3. Run SetIntegratedLogin to re-enable integrated logons.

Resetting the standard logon