Configuring the Run As Logon ID

To execute service programs, Business Information Server must assume the identity of a user authorized to run the programs and access data files required by the programs. This is accomplished by specifying a Logon ID during installation, reinstallation, or server registration.

The Run As identity may be configured during registration interactively with a dialog box, or by specifying options on the command line.

Note that the /RUNAS options below must be specified along with one of the /REGSERVER options described above.

If none of the options in the table below are specified, the server displays the Run As configuration dialog box on the right even if /REGSERVERQ(quiet mode) is specified.

The Run As dialog box has three options that determine the context in which BIS will execute:

/RUNASI

/RUNASIP

Causes the server to run as the INTERACTIVE USER. This is the identity of the user that is logged on to the server's console. This is most useful for developers but is not recommended for deployment.

If the P suffix is specified, BIS prompts for credentials using the dialog box if an error occurs.

/RUNASL

/RUNASLP

Runs the server under the identity of the launching (usually anonymous) user. This will normally be the account named IUSR_machinename, where machinename is the name assigned to the machine.

For example, if your machine is named HILO, the anonymous user's name is IUSR_HILO. It is possible for a system administrator to change this, either for all IIS accounts or for just the BIS. If the name of the machine was changed after IIS was installed, this will be the original name of the machine, not the current name. In this case, please see Manual Configuration, below.

Note that this account usually has very limited privileges and BIS will not even be able to start unless you manually give this account write permission in the BIS installation directory. BIS will not be able to access files in other directories, unless you also give it access to those directories, and will not be able to access files on any network volumes unless your machine is joined to a domain and this name is known to the domain server. See your system administrator for details.

If the P suffix is specified, BIS prompts for credentials using the dialog box if an error occurs.

/RUNAS: id, pw

/RUNASP: id, pw

Runs the server using the specified identity. This is the recommended option. id is the login ID and pw is the password. The password is encrypted by Windows, is stored in the registry, and is not retrievable as plain text once the server is registered. However, caution is required when embedding a clear-text password in a batch file that issues the /RUNAS command.

If an id is specified without a pw, the program prompts for the password. This may be a good compromise between convenience and security.

Either the pwid or the pw may be quoted with single or double quotes (required if either contains spaces). The entire parameter string may also be quoted.

Examples:

/RUNAS:myuserid, mypassword
/RUNAS:”my user id”,”my password”
/RUNAS:”my user id,my password”
/RUNAS:”INTERACTIVE USER”

As a special case, the special logon ID of INTERACTIVE USER is recognized and handled as if /RUNASI were specified. Any password is ignored, and quotes are required due to the embedded space.

If the P suffix is specified, BIS prompts for credentials using the dialog box if an error occurs.