Using system users Windows

This section describes Windows specific tasks to perform to enable system user authentication and file system rights.

Enable user authentication for Copilot

This section describes how to define users for Transfer CFT Copilot server. The following information applies except if you are using the local system account when working in service mode.

The user rights to assign are:

  • Adjust memory quotas for a process
  • Impersonate a client after authentication (only on Windows 2008)
  • Replace a process level token
  • Create a token object

To define user rights:

  1. In a dos command window, enter lusrmgr.msc to open the system users list. Check available users.
  2. In a dos command window, enter secpol.msc to open the Local Security Policy window.
  3. Select Security Settings > Local Policies > User Rights Assignment.
  4. Double-click the required right.
  5. Click Add user or group and define.
  6. Close and re-open the Windows session to take into account the modifications.

Some user rights must be assigned to the user who starts the Transfer CFT UI server to allow other Windows users to log on, unless it is the local system account working in service mode.

The user rights are:

  • Adjust memory quotas for a process
  • Impersonate a client after authentication (only on Windows 2008)
  • Replace a process level token
  • Create a token object
  1. In a dos command window, type lusrmgr.msc to open the system users list. Check available users.
  2. In a dos command window, type secpol.msc to open the Local Security Policy window.
  3. Select Security Settings > Local Policies > User Rights Assignment.
  4. Double-click the required right.
  5. Click Add user or group and define.
  6. Close and re-open the Windows session to take into account the modifications.

Additionally, the user who wants to log on the Transfer CFT UI server must exist both in the Windows system and Central Governance (or PassPort AM). The Windows system performs the user authentication, and Central Governance (or PassPort AM) checks the other rights.

Note If using Central Governance, the user name is case-sensitive.

Enable the file user rights (USERCTRL)

Caution   When USERCTRL=YES, access to UNC or mapped file drives (as opposed to local files) are performed by the user who started Transfer CFT and not the owner of the transfer.

The Windows user who is going to perform transfers must have read and write rights for the files to be transferred.

Some user rights must be assigned to the user who launched the Transfer CFT server to permit other Windows users to perform transfers.

To assign user rights:

  • Adjust memory quotas for a process
  • Impersonate a client after authentication (only on Windows 2008)
  • Replace a process level token
  • Create a token object

To define user rights:

  1. In a dos command window, enter lusrmgr.msc to open the system users list. Check available users.
  2. In a dos command window, enter secpol.msc to open the Local Security Policy window.
  3. Select Security Settings > Local Policies > User Rights Assignment.
  4. Double-click the required right.
  5. Click Add user or group and define.
  6. Close and re-open the Windows session to take into account the modifications.

 

Related Links