Setting Up Decisions to Run as a Non Admin UserLast Updated: 12/03/2015 Introduced in Verision: 2.0
Setting up Decisions to run as a Non Admin User
We begin with creating a New User that does not have administrator privileges in our OS.
We configure User…
Standard User created.
Next, we download the Decisions Installer and Install the program according to the Installation Documentation. http://decdocs3x.wpengine.com/installation-ms-sql/
After Installation we will make changes so that we can run Decisions as a Non Admin User.
In SQLserver Management Studio run this query to create an SQL User that does not have Administrator privileges. We will use this user to connect Decisions to the database. If you already have a user then you may skip the query and connect Decisions to the Database via that user.
CREATE LOGIN Create user to use here
WITH PASSWORD ='CreatePassword to use here', DEFAULT_DATABASE = decisions;
CREATE USER exampleuser FOR LOGIN exampleuser
GRANT ALTER ANY SCHEMA to exampleuser
GRANT EXECUTE to exampleuser
GRANT ALL to exampleuser
EXEC sp_addrolemember N'db_datareader', N'exampleuser'
EXEC sp_addrolemember N'db_datawriter', N'exampleuser'
Query runs successfully…
Next, we run the Decisions Installer and go into Edit Settings.
We need to change the DatabaseConnectString to use the newly created SQL User and its Password.
Setting Access for User
In order to set Service Host Manager to use an account that does not have administrator privileges we need to run the commands below in the Command Prompt. These commands will reserve the URL’s so that our user can listen on them. We need to enable user access for WCF services to use IIS and these following commands will enable that.
Run these commands in Command Prompt
netsh http add urlacl url=http://+:80/decisions/socketmanager/ user=NonAdminUser
netsh http add urlacl url=http://+:80/decisions/primary/api/ user= NonAdminUser
netsh http add urlacl url=https://+:443/decisions/primary/api/ user= NonAdminUser
Exchange NonAdminUser for the user created in the OS in the commands above
Note: If we want to revert this process and set SHM back to Admin user, we are going to have to delete URL reservations.
Run these commands in Command Prompt to delete URL reservations
netsh http delete urlacl url=http://+:80/decisions/socketmanager/
netsh http delete urlacl url=http://+:80/decisions/primary/api/
netsh http delete urlacl url=https://+:443/decisions/primary/api/
Enable Other Access
We change LazyServiceHosting to False in Settings.xml (This file can be found at C:\Program Files\Decisions\Decisions Services Manager). Without Lazy loading it will take longer for Service Host Manager to Load because it is loading all the services upfront. With Lazy loading enabled the services are loaded as you need them. In order to use Decisions with an account that is not an Administrator we need to disable Lazy Loading.
Next, we give our Non Admin User full access to the Decisions Directory (C:\Program Files\Decisions)
Then, we open Services and change Service Host Manager to use the Non Admin Account that was set up earlier.
Confirm that Non Admin User was granted log on to Service Host Manager.
Restart Service Host Manager and navigate to the Decisions Login screen to verify that it is now working.
Articles relevant to this process