RFMS NTFS and Share Permissions / Best Practices

 

Shares and Permissions are a component of your Microsoft Windows Server security architecture used to manage the process of authorizing users, groups, and computers to access objects on a network. Therefore, RFMS recommends that any editing of client server settings be done by a qualified technician. It is the responsibility of the client's technician to ensure the safety, security, and functionality of the server and workstations. RFMS, Inc. is not liable for any harm, damage, inconvenience, loss of data, or inability to work that may occur as a direct or indirect result of the information below.

 

Section 1: For Users Connecting to RFMS Locally or Remotely

Domain Environments:

  • RFMS recommends setting up a Security Group for the Domain Users who access the RFMS folder.
  • From there, you can apply that Security Group to the folder for NTFS as well as the Folder Share permissions (if applicable to your environment).
  • With a Security Group, when personnel change within your environment, new users just need to be added to that group to maintain permissions for RFMS.

Workgroup Environments:

Since a Workgroup Environment does not have the connectivity of a domain environment, RFMS recommends one of the following scenarios:

  1. Create a “Managed Service Account” on the machine that is hosting the RFMS Program Files. Give this account full rights to the RFMS Folder. Share the folder out using that account as well. Once the folder is shared out, you will need to manually connect all users’ workstations using those Managed Service Account credentials.

    Note:  Someone at the store may need these credentials for issues such as reconnecting the account on a system when necessary.

     
  2. Create a Local Security Group on the machine that is hosting the RFMS Program Files. Create a local user account for ALL users that will need to access RFMS. Add all the Local Users to the new Security Group created. Once added, apply full permissions to the RFMS Folder using that Security Group. Share the folder out using the same Security Group with Full Permissions. Then, manually connect all workstations using the specific users’ login credentials you created.

    Note:  Each user should have a unique password for their account and should know this information in case they need to provide it again to reconnect to the share.

**** Remember, a Workgroup Environment does not support user migrations. This means: If any user moves from one workstation to another one, the permissions will need to be manually set up for that user on the new workstation. ****

 

IMPORTANT: Because RFMS creates temporary files for certain processes throughout the system and needs to delete them upon completion, the Security Group should have Full rights to the RFMS Folder and subfolders. This means that permission inheritance from the RFMS Root Folder should be enabled for ALL subfolders underneath it. This includes NTFS and Sharing Rights.
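
The domain setup and the inheritance requirement above can be applied and checked from an elevated PowerShell session on the machine hosting the RFMS files. This is an added example, not RFMS's own script; the folder path, group name and share name are assumed placeholders, and the Security Group is assumed to already exist.

```powershell
# Added example. Assumed values (not from the article); adjust to your environment.
$Root      = 'D:\RFMS'              # hypothetical RFMS Root Folder
$Group     = 'CONTOSO\RFMS-Users'   # hypothetical, already-existing Security Group
$ShareName = 'RFMS'                 # hypothetical share name

# 1. NTFS: Full Control for the group on the root, flagged to flow down to
#    every subfolder (ContainerInherit) and file (ObjectInherit).
$acl      = Get-Acl -Path $Root
$ruleArgs = $Group, 'FullControl', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$rule     = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs
$acl.AddAccessRule($rule)
Set-Acl -Path $Root -AclObject $acl

# 2. Share: create it with Full access for the same group if it is missing.
if (-not (Get-SmbShare -Name $ShareName -ErrorAction SilentlyContinue)) {
    New-SmbShare -Name $ShareName -Path $Root -FullAccess $Group | Out-Null
}

# 3. Audit: subfolders with inheritance disabled will not receive the root
#    ACL, so the group may be unable to delete temporary files there.
$blocked = Get-ChildItem -Path $Root -Directory -Recurse -Force |
    Where-Object { (Get-Acl -Path $_.FullName).AreAccessRulesProtected }
if ($blocked) {
    Write-Warning "Inheritance is disabled on $(@($blocked).Count) subfolder(s):"
    $blocked | ForEach-Object { Write-Warning "  $($_.FullName)" }
} else {
    Write-Output 'All subfolders inherit permissions from the root.'
}

# 4. Audit: show who holds share-level rights, and mark any entry other
#    than the intended group for review.
Get-SmbShareAccess -Name $ShareName |
    Select-Object AccountName, AccessControlType, AccessRight,
        @{ Name = 'Review'; Expression = { $_.AccountName -ne $Group } }
```

Steps 3 and 4 only read permissions, so they can be re-run after any change to the folder to confirm nothing has drifted.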

 

Section 2: For RFMS Services:

(Including CCA, SalesForce, MeasureOrderEntry, Gateway, RFMSB2B, RFMSDataEndpoint, etc.)

NOTE: ALL RFMS SERVICES MUST BE INSTALLED ON THE LOCAL MACHINE THAT IS HOSTING THE RFMS PROGRAM FILES
 

RFMS recommends creating a “Managed Service Account” to run said service.

For a Domain Environment:

  1. Create a “Managed Service Account” on your Primary Domain Controller, then assign that Service Account FULL Rights to the RFMS Root Folder. Apply the permissions to the service that you want to run.
  2. In some cases, depending on how your environment is structured, you may need to assign domain admin rights to this service to get your RFMS Service to start.
    • If this is the case for your environment, make sure you make this service's password as COMPLEX AS POSSIBLE. Remember, this account will have domain admin rights and you want to make it as secure as possible.

For a Workgroup Environment:

  1. Create a “Managed Service Account” on the machine that is hosting your RFMS Files, then assign that Service Account FULL Rights to the RFMS Root Folder. Apply the permissions to the service that you want to run.
  2. In some cases, depending on how your environment is structured, you may need to assign local admin rights to this service to get your RFMS Service to start.
    • If this is the case for your environment, make sure you make this service's password as COMPLEX AS POSSIBLE. Remember, this account will have local admin rights and you want to make it as secure as possible.
       