Enabling security with a non-administrative user account
 Technote (troubleshooting)
 
Problem(Abstract)
Local OS authentication cannot be used when using a user account with non-administrative access to the system. However, options are available for enabling security for a user account without administrative access.
 
Cause
When using the Local OS user registry, the user account that the product processes run under should have the Administrative and Act as part of the operating system privileges to call the Windows operating system authentication APIs to collect user and group information.
 
Resolving the problem
When running WebSphere Application Server using a non-administrative user account, if global security is enabled, you must use either LDAP or custom registry for the user registry.
The administrative process needs special authority, which is given by these privileges. The user in this example might not be the same as the security server ID, the requirement
for which is a valid user in the registry. This user logs in to the machine, if
using the command line to start the product process or the Log On User setting
in the services panel if the product processes have started using the services. If
the system is also part of a domain, this user should be part of the Domain
Admin group in the domain to call the operating system APIs in the domain in
addition to having the Act as part of operating system privilege on the local
system.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Security
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 1161789
IBM Group: Software Group
Modified date: Jan 24, 2005