Agile Business Suite 7.0 prompts you with systems or software pre-requisite dialog box to confirm if all the required software has been installed before installing Agile Business Suite 7.0.
Prior to the installation of Agile Business Suite Developer or Agile Business Suite Runtime, an administrator must set up two accounts:
Application User
Application Administrative User
An administrator is allowed to specify which user accounts are used to represent both, the Application User and the Application Administrative User.
Refer to Creating the User Accounts or ???.
It is recommended that for optimal security the accounts are not granted any rights or privileges over and above the minimum required privileges by Agile Business Suite to perform the necessary tasks. If you are installing Agile Business Suite Runtime on a machine which already has an installation of Agile Business Suite Developer operating, you do not need to create a second set of users.
If you wish to have the model database and runtime environment on a server, to which development workstations will connect in a multiuser system and provide debugging functionality, you should carry out these preparation and installation steps for each workstation.
Note: It is not possible to run the setup.executable from a mapped drive using Remote Desktop. For example, you cannot access machine C, which is mapped to machine B, through Remote Desktop which is using machine A. However, you can access setup.exe from machine B so long it is not mapped and uses UNC path instead.
The identity of an Application User is assumed by those Agile Business Suite applications that deal with the normal every day operations. The identity of an Application Administrative User is assumed by those Agile Business Suite applications that are required to perform administrative tasks, which require a higher privilege level. Thus, the likelihood of an elevation of privilege attack is minimized as the Application User, whose identity is assumed by most Agile Business Suite applications that are accessible by normal Agile Business Suite users, is a low privileged account. Those Agile Business Suite applications that are required to run under the identity of an Application Administrative User are properly secured so that normal Agile Business Suite users cannot access them, and therefore cannot launch elevation of privilege attacks.
It is not recommended that the Application Administrative User account should ever be changed after it is initially setup prior to installation. If the account needs changing for security reasons, whether the account is simply renamed or if it is completely deleted and a new account created in its place, the administrator needs to manually replace all references to the old account with the new one.
Creating the User Accounts
To create the Application User, perform the following:
Open Computer Management, accessible from the Administrative Tools folder in the Control Panel.
From the Tree view, expand System Tools\Local Users and Groups.
In the Users folder, right-click and select New User to create a user to represent the Application User. You may refer to the user by any name, however neither the name nor password should contain spaces.
In the New User dialog box:
Clear the User must change password at next logon check box.
Select the Password never expires check box.
After you have created the Application User, repeat the steps above to create a User to represent the Application Administrative User.
Note: Once you have created the Application Administrative User, you must add that user to the Administrators group. Only the application administrator account name should be added to the administrators group. The application user account name should NOT be added to the administrators group.
Configuring the User Accounts
It is important that these user accounts have certain User Rights. These User Rights may already exist for the users, if they have been added to a pre-existing group. If the users do not already possess the User Rights by association with an existing group, they should be configured as follows.
To configure both users, perform the following:
Open Local Security Policy, accessible from the Administrative Tools folder in the Control Panel.
In the Tree view, expand the Local Policies/User Rights Assignment.
Assign the following User Rights to the Application Administrative User:
Access this computer from the network
Act as part of the operating system
Log on as a batch job
Replace a process level token
Assign the following User Rights to just the Application User:
Access this computer from the network
Log on as a batch job
Log on as a service
Close the Local Security Policy dialog box.
Both user accounts are primarily required for the runtime functionality of the Agile Business Suite software, some of which is used for the debugging mechanism in Developer.
These user accounts are created for application purposes only. Do not log in using these account names. Log in using your own login credentials.