Hi,
We are evaluating the SourceGear Vault Standard and it was set up with the vault service web config set to impersonate a domain administrator account. We are not able to have this setup because it will have the domain administrator password in an unprotected config file. We need to migrate to the Active Directory; please forward a link to the appropriate directions. We will have to stop evaluation of the software until this is resolved.
Thanks,
Vault Service is set with Impersonation
Moderator: SourceGear
Re: Vault Service is set with Impersonation
We don't have a quick fix for the password being in the clear. Only someone with administrative rights to the server machine could read that file in Inetpub, but I can see that you might not want the domain admin's password in the clear.
However there are alternatives for installation.
The account used for Identity Impersonation does not need to be at the level of a domain admin. Most users create a low-level account just for Vault to use. Here are the minimum requirements:
Create an actual account on the Domain - for example, "DOMAIN\VaultServerAccount".
--Make sure to use a strong password for the account.
--Clear the "User must change password at next logon" option.
--Select the "Password never expires" option.
Verify the following privileges have been granted to the domain account:
--Access this computer from the network
--Log on as a batch job
--Log on as a service
If you're using Identity Impersonation because SQL Server and Vault Server are on two different machines, then you could use SQL Server authentication for the Vault connection to SQL Server. If you choose this option, the installer creates an sgvaultuser account for Vault in SQL Server.
If Vault and SQL Server are on the same machine, then Identity Impersonation is not needed. You can use the Machine account (Network Service or IISAppPool) for the Vault server.
Let me know if you have a special situation we're not aware of.
Linda Bauer
SourceGear
Technical Support Manager
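An added example, not part of the original thread and not SourceGear code: a Python check that parses a web.config and reports whether an `<identity>` element enables impersonation with the account password stored inline, which is the exposure raised in the first post. It assumes the standard ASP.NET `<identity>` element; both sample configs and the password value are constructed, and the `registry:` prefix and `configProtectionProvider` attribute are treated as the stock ASP.NET ways of keeping the secret out of the file.

```python
import xml.etree.ElementTree as ET

# Constructed sample: impersonation with the account password inline.
SAMPLE_CLEARTEXT = r"""<configuration>
  <system.web>
    <identity impersonate="true" userName="DOMAIN\VaultServerAccount"
              password="EXAMPLE-ONLY-NOT-A-REAL-PASSWORD" />
  </system.web>
</configuration>"""

# Constructed sample: no impersonation, worker runs as the app pool account.
# Includes the optional configuration namespace some web.config files carry.
SAMPLE_MACHINE_ACCOUNT = """<configuration
    xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <system.web>
    <identity impersonate="false" />
  </system.web>
</configuration>"""


def audit_identity(config_xml):
    """Return one finding per <identity> element in a web.config document."""
    findings = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "identity":  # ignore XML namespace
            continue
        impersonate = el.get("impersonate", "false").lower() == "true"
        password = el.get("password", "")
        if el.get("configProtectionProvider"):
            storage = "encrypted-section"   # protected configuration
        elif password.startswith("registry:"):
            storage = "registry-reference"  # secret kept outside the file
        elif password:
            storage = "cleartext"
        else:
            storage = "none"
        findings.append({
            "impersonate": impersonate,
            "userName": el.get("userName", ""),
            "password_storage": storage,
            "at_risk": impersonate and storage == "cleartext",
        })
    return findings


if __name__ == "__main__":
    for name, xml_text in (("cleartext", SAMPLE_CLEARTEXT),
                           ("machine account", SAMPLE_MACHINE_ACCOUNT)):
        print(name, audit_identity(xml_text))
```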
Re: Vault Service is set with Impersonation
Hi,
The vault and the SQL server are on the same machine; however, I would like to build a low-level domain account to run the vault service and then SQL Server authentication for the Vault connection to SQL Server. Questions are now - how would I reconfigure the Vault service to not use impersonation and what SQL privileges are necessary in the vault databases?
Thanks,
Re: Vault Service is set with Impersonation
If SQL Server and Vault are on the same machine, then I'd recommend the simplest (default) installation.
You can use the Machine account (VaultAppPool) for the Vault server IIS Process model. Then just use Windows authentication for SQL Server -- Vault installer creates a login in SQL Server or VaultAppPool.
The easiest way to change your settings would be to back up your databases, uninstall, leaving the databases, then reinstall and let the Vault Server installer take care of the configuration details.
In many cases, Active Directory authentication works without needing to use a domain account.
If you have questions about this or would like a remote assist session so I can assist with the installation, email me at support at sourcegear.com, ATTN: Linda.
Please include a link to this forum post.
Linda Bauer
SourceGear
Technical Support Manager
Re: Vault Service is set with Impersonation
Hi,
It has been some time since my last post because it is a small shop here. I followed directions and removed the old install, then backed up databases and left them in place. When I started the reinstall, the install stops after asking if it is ok to make changes and agreeing to license conditions. The message is that there is already another install in progress, wait for the install to complete. There is not any install and the old install was removed a long time ago; the computer has restarted several times.
Thank you for your help.
Re: Vault Service is set with Impersonation
I'd suggest we schedule a remote assist session where I can take a closer look. Email me at support at sourcegear.com, ATTN: Linda and we'll set something up.
Please include a link to this forum post.
Linda Bauer
SourceGear
Technical Support Manager