Configuring a User Account
By default, Sous-processus Arbortext PE run under a special user account called SYSTEM that has restricted access. You may want to configure Arbortext Publishing Engine to run under a specified user account.
The default Arbortext Publishing Engine user account doesn't have network privileges, so it can't access any network resources such as a file on another host or a remote printer. For example, if you were to write a custom Arbortext Publishing Engine application that sends a print job to a network printer, you would need to configure Arbortext Publishing Engine to run under a specified user account.
If Arbortext Publishing Engine needs to specify a file on a network using a UNC path (uniform naming convention, which takes the form \\servername\sharedir), the default Arbortext Publishing EngineSYSTEM account wouldn't be able to access it. However, a user account can be configured to access files specified with the UNC format if the user account has the proper permissions and the UNC file system shares the directories with the Arbortext Publishing Engine user account.
If Arbortext Publishing Engine is configured to run as a specified user account, you must log in using that account if you want to run Arbortext Publishing Engine Interactive. When Arbortext Publishing Engine is configured this way, Windows doesn't allow Arbortext Publishing Engine Interactive to run under a different user account for security reasons. However, any Administrator level user account can run the Configuration d'Arbortext Publishing Engine program.
When you are configuring Arbortext Publishing Engine to run as a specific user account on Windows, the Arbortext Publishing Engine user account:
• should have internet access as it handles HTTP traffic.
• should have an interactive login so that someone can log in to perform testing and troubleshooting.
• should have a password that doesn't expire so that Arbortext Publishing Engine won't suddenly terminate if the account is locked without warning. Of course, passwords should still be changed regularly.
• should have a default printer selected in the Windows Printers window. The default printer must be a PostScript printer if you will be producing PostScript.
• can be set up to access network resources using a UNC path, if needed.
• does not need to have local administrator privileges on the server that it's installed on.
To set up Arbortext Publishing Engine as a specific user account:
|
Your site may have security policies in place that require an IT administrator familiar with those policies to perform these steps.
|
You'll need to set permissions and restrictions for a specified Arbortext Publishing Engine user account. The system administrator familiar with setting up user accounts, especially your site's security policies and user privileges, may need to perform the following steps.
1. You should be logged in with Administrator privileges on the host machine where Arbortext Publishing Engine is installed.
2. In Administrative Tools, open Computer Management. In the Computer Management window, find the Local Users and Groups folder and display the Users folder under it. From the Action menu of the Computer Management window, choose New User, In the New User window, create a new account and its password. Set the properties you want for the password and click Create.
3. In Administrative Tools, open Local Security Policy. In the Security Settings window, display the Local Policies folder under it. Click the User Rights Assignment subdirectory to display a list of possible settings. Find Log on as a batch job in the Policy list and double click on it.
4. In the Log on as a batch job Properties dialog box, click the Add User or Group button. In the Select Users or Groups dialog box, be sure the object type includes Users and the Location is the local server machine. Enter the Arbortext Publishing Engine user account name in the object name text box. Click the OK button to return to Log on as a batch job Properties. Click OK to save changes and close the dialog box.
Set any other privileges you want for this account.
5. In Administrative Tools, open Component Services and navigate to > > . Find and display the Properties for the Arbortext Editor entry by right clicking on the entry.
6. In the Arbortext Editor Properties dialog box, click the Identity tab.
Choose the This user option. Fill in the User and Password fields for the Arbortext Publishing Engine account you created. You need to specify the domain or computer name as well as the user name; enter the account name and then click the Browse button to specify the User information.
7. Click OK to accept the changes to Arbortext Editor Properties. Click OK again to exit.
8. You may need to check that the Arbortext Publishing Engine user account has permission to write to some specific directories. For example, you will want to be sure it can write to temporary or log directories of the Windows system and other applications, such as the servlet container directories that store log files. For instance, you would want to check permissions for the following:
◦ The temporary directory set by the System's environment variable.
◦ Java log and temporary directories for the servlet host application, for example, Tomcat’s logs and temp directories. On the Arbortext Publishing Engine index page, click the Java Properties link to retrieve the JVM System Properies page. The java.io.tmpdir property value will display the location.
◦ For Windows Server 2008, you should check the C:\ProgramData directory.
◦ Check any file path specified in the e3config.xml file, such as the transaction archive directory.
Right click on the appropriate directory and choose Properties. Choose Security and check if the Arbortext Publishing Engine user account is in the list and has Full Control. If not, you will need to add the Arbortext Publishing Engine user account and give it Full Control for the folder.
9. Restart the system. The next time Arbortext Publishing Engine runs, it will run as the Arbortext Publishing Engine user account you created.