Windows Permissions

After you set up your applications, you may set access permissions by using the Windows server security features. Refer to your Windows documentation for more information about security procedures.

Note: In Windows, the AcuAccess and AcuAccess.vix files should be readable and writable by "Administrator" and "System," with no other access. Make sure that the AcuAccess file and the acurcl.cfg file can be written only by those accounts and groups that you want to have write privileges.

We recommend that you use native system security rather than AcuConnect system security. (On Windows 2008 you must use native system security.)

To use native security, set the SECURITY_METHOD variable in both the runtime configuration file on the client and server configuration file on the server. You still create a server access file containing access records that define your user base, but the server access file is used only to check if the user connecting to the server is allowed to connect, and to check to which local account the connection should be mapped.

We recommend that you install and run AcuConnect on an NTFS drive, because FAT partitions offer no security to files or programs and are not supported by Micro Focus. If you install AcuConnect on an NTFS partition, be aware that the user connecting to AcuConnect needs all of the following:

For example, if ACUCONNECT_RUNTIME_FLAGS contains -e logfile, AcuConnect attempts to write "logfile" in the same directory as acurcl.exe. In this case, the user would need CHANGE (RWXD) permissions to access that directory.

If the user connecting to AcuConnect is mapped to DEFAULT_USER, then DEFAULT_USER needs these permissions.