Version 10.4.6 contains some security related updates that you should be aware of before you upgrade your EtaPRO system. The intention of these updates is to encourage EtaPRO system administrators to adopt the ten recommendations outlined in this document.
1. Default Account
The default account used by all Windows services associated with EtaPRO is the now the local service account instead of the local system account. The local service account is a lower privilege account that is built into the operating system and is typically used by Windows services. If your EtaPRO server uses Windows authentication when connecting to SQL Server,this may present a problem since the local service account will generally not have permissions to connect to SQL Server. If it is currently connecting as the local system account, when you attempt to start EtaPRO it will freeze for an extended time period while it attempts to connect to SQL Server with the local service account and then fails. If this occurs, you will need to update the EtaPRO Windows services to use an account with permission to connect to SQL Server or alternatively revert to using the local system account that was previously used (not recommended). You can specify the account used by the EtaPRO services using the “Configure Server Service Account” button on the EtaPRO service manager.
2. Initial EtaPRO Start-up
Whenever you install or reinstall EtaPRO you should initially start the EtaPRO server using the EtaPRO Service Manager. The EtaPRO Service Manager ensures that required upgrades occur and that directory permissions are correctly configured for the account used to run the EtaPRO services.
3. User Account Control
The EtaPRO Service Manager has been updated to invoke UAC when you start, stop, or change the configuration. Instead of seeing a UAC prompt immediately upon launching the EtaPRO Service Manager, the service manager will restart with elevated privileges when you attempt to start, stop, or change the configuration.
4. Warning Messages
Several warning messages have been added to the service manager in order to encourage EtaPRO system administrators to follow best practices.
- If your system is configured to use the GPStrategies default SQL Server system administrator username and password created when EtaPRO was initially installed, you will see the following warning message. To resolve the warning, change the SQL Server sa password to something other than Changeme1!
- If your system is configured to use a SQL Server system administrator account, you will receive the following warning when you attempt to start EtaPRO. To resolve the warning, update SQL Server to anon-administrator account for connecting to the EtaPRO databases. Please refer to the following link for directions on configuring an account for use with the EtaPRO databases: https://issues.etapro.com/f/page?W13
- GP Strategies recommends that you configure your EtaPRO system to use the Windows security mode. If you are using the EtaPRO security mode, you will see the following warning when you exit the User Management form in the EtaPRO client.
5. A Note for OPC Users
When upgrading between versions of 10.4, customers who use Matrikon OPC may see their Data Interface disappear. The resolution is to reinstall the Interface. For more details on this topic, please see the article here.
If you have questions regarding these suggestions, or about anything EtaPRO related, please open a support case using the link located on the main menu of this site.
408 total views, 3 views today