Encrypting the Service Account Credentials - Full-Text Search - English - Foundation 22.1 - OnBase - external

Full-Text Search

Platform
OnBase
Product
Full-Text Search
Release
Foundation 22.1
License

By default, the user name and password of the OnBase service account are stored in the Hyland.FullText.Server.exe.config file in plain text. Although these credentials cannot be used to log on to any OnBase client application, you should encrypt these values in the Windows registry using the aspnet_setreg utility.Full-Text Search can then be configured to refer to the encrypted registry keys to retrieve the user name and password of the OnBase service account.

Note:

Full details on creating encrypted account registry keys are available from Microsoft. See for example the Microsoft Support article, How to use the ASP.NET utility to encrypt credentials and session state connection strings available at http://support.microsoft.com/kb/329290/.

  1. From a command line, change the directory to the location where the aspnet_setreg.exe utility resides. A copy of aspnet_setreg.exe is available in the ..\utilities\MISC subdirectory of the Core Services build.

    For example, if the utility is in C:\Program Files\Hyland\Web Server\Utilities, then enter:

    cd C:\Program Files\Hyland\Web Server\Utilities

  2. Enter the following command, where username is the user name of the Service Account, and password is the password.
    aspnet_setreg.exe -k:SOFTWARE\Hyland\FullTextServer\Identity -u:"username" -p:"password"
  3. Press Enter to execute the command.
  4. Open a Run dialog box and enter regedt32.
    CAUTION:

    Modify the registry at your own risk. Incorrectly editing the Windows registry can cause serious problems that may require you to reinstall your operating system. Be sure to back up the registry before making any changes to it. For more registry information, see the following Microsoft articles: http://support.microsoft.com/kb/256986 and http://technet.microsoft.com/en-us/library/cc725612.aspx

  5. Grant the Windows account that will run theFull-Text Search Service Read permissions to the following key: HKLM:SOFTWARE\Wow6432Node\Hyland\FullTextServer\Identity\ASPNET_SETREG
  6. Open the Hyland.FullText.Server.exe.config file in a plain-text editor. In a default installation this file is located at C:\Program Files\Hyland\Services\Full-Text Server\
  7. Locate the datasource element that displays the username and password in plain text.
  8. Replace the username value with the following:
    registry:HKLM\SOFTWARE\Wow6432Node\Hyland\FullTextServer\Identity\ASPNET_SETREG,userName
  9. Replace the password value with the following:
    registry:HKLM\SOFTWARE\Wow6432Node\Hyland\FullTextServer\Identity\ASPNET_SETREG,password
  10. Save the configuration file.
  11. Restart the Hyland Full-Text Server service for the changes to take effect.