Encrypting User Names and Passwords - WorkView Integration for Microsoft Outlook - Foundation 23.1 - Foundation 23.1 - Ready - OnBase - Premier - external - Premier

WorkView Integration for Microsoft Outlook

Platform
OnBase
Product
WorkView Integration for Microsoft Outlook
Release
Foundation 23.1
License
Premier

By default, the Service Account's user name and password are entered in Hyland.Core.FullText.NTService.exe.config in clear text. Although these credentials cannot be used to log on to any OnBase client application, it is considered a security best practice to encrypt them in the Windows registry using the aspnet_setreg utility. The Full Text Service can then be configured to refer to the encrypted registry keys to retrieve the Service Account's user name and password.

Full details on creating encrypted account registry keys are available in the Microsoft article: “How to use the ASP.NET utility to encrypt credentials and session state connection strings” available at: http://support.microsoft.com/kb/329290/

CAUTION:

Modify the registry at your own risk. Incorrectly editing the Windows registry can cause serious problems that may require you to reinstall your operating system. Be sure to back up the registry before making any changes to it.

To encrypt the user name and password:

  1. From a command line, change the directory to the location where the aspnet_setreg.exe utility resides. A copy of aspnet_setreg.exe is available in the ..\utilities\MISC subdirectory of the Core Services build.

    For example in a 32 bit system, if the utility is in C:\Program Files\Hyland\Web Server\Utilities, then enter:

    c d C:\Program Files\Hyland\Web Server\Utilities

  2. Enter the following command, where username is the user name of the Service Account, and password is the password.

    For a 32 bit system: aspnet_setreg -k:SOFTWARE\Hyland\FullTextService\Identity -u:<username> -p:<password>

    For a 64 bit system: aspnet_setreg -k:SOFTWARE\Wow6432Node\Hyland\FullTextService\Identity -u:<username> -p:<password>

  3. Open a Run dialog box and enter regedt32.
  4. Grant the Windows account that will run the Full Text Indexing Service Read permissions to the HKLM:SOFTWARE\Hyland\FullTextService\Identity\ASPNET_SETREG registry key.
    In 64-bit environments, grant the Windows account Read permissions to the following key: HKLM:SOFTWARE\Wow6432Node\Hyland\FullTextService\Identity\ASPNET_SETREG. The aspnet_setreg utility automatically stores the encrypted credentials in this key when run in a 64-bit environment.
  5. Open the Hyland.Core.FullText.NTService.exe.config file. This file's default location is C:\Program Files\Hyland\Services\Full-Text for a 32 bit system or C:\Program Files (x86)\Hyland\Services\Full-Text for a 64 bit system.
  6. Modify the <Datasources> element to retrieve the encrypted credentials from the registry.
  7. Replace the UserName value with the following:

    In a 32 bit system: “registry:HKLM\SOFTWARE\Hyland\FullTextService\Identity\ASPNET_SETREG,userName”

    In a 64 bit system: “registry:HKLM\SOFTWARE\Wow6432Node\Hyland\FullTextService\Identity\ASPNET_SETREG,userName”

  8. Replace the Password value with the following:

    In a 32 bit system: “registry:HKLM\SOFTWARE\Hyland\FullTextService\Identity\ASPNET_SETREG,password”

    In a 64 bit system: “registry:HKLM\SOFTWARE\Wow6432Node\Hyland\FullTextService\Identity\ASPNET_SETREG,password”

  9. Save the configuration file.
  10. Restart the Hyland Full Text Indexing Service using the Windows Services console.