Introduction

Microsoft Windows support two types of user accounts; local and global accounts. A local account is registered on a machine and does not exist outside the machine (eg. the account cannot own files except those on the machine). A global account is registered on a primary domain controller (PDC) and can be used on any machines in the network (eg. the account can own files on a network drive).

When specifying a user name in Microsoft Windows Services for UNIX the format is domain+username. When the user account is local, the domain name is the same as the machine name (except for PDCs where it is the domain the PDC manages). Note the standard Windows format domain\username may also be used, but is not recommended as the Korn shell interprets the backslash character. Every Windows machine is registered in a domain itself, called the primary domain. If the domain a user is in is the same as the primary domain the leading domain qualifier is not required.

Vitalware requires two accounts to be setup. The first is a user account called vw, which is used to administer KE Vitalware. The second account is a group called vwadmin. For security reasons it is recommended that the vw and vwadmin accounts are local (although they may be global if required). Only user vw should be a member of group vwadmin to preserve data security.

The installation notes assume that the vw user account and the vwadmin group account are local.

Where the user [vw] appears in square brackets the vw account name should be substituted. Where the account is in the primary domain the name vw may be used, for all other instances the name domain+vw must be used.

Where the group [vwadmin] appears in square brackets the vwadmin account name should be substituted. Where the account is in the primary domain the name vwadmin may be used, for all other instances the name domain+vwadmin must be used.

There are up to six steps required in setting up the required user and group accounts. They are:

1. Determine primary domain
2. Windows XP Professional
   • Add user vw
   • Add group vwadmin
3. Windows 2000 Professional
   • Add user vw
   • Add group vwadmin
4. Windows 2000 Server
   • Add user vw
   • Add group vwadmin
   • Allow Log on locally privilege
5. Windows 2003 Server
   • Add user vw
   • Add group vwadmin
   • Allow Log on locally privilege
6. Create vw home directory

It is only necessary to alter the Log on locally privilege for Windows 2000/2003 Server machines. The Professional versions of Windows do not require this privilege. The Log on locally privilege allows a user in the domain to log on to the server machine. Each user who will run Vitalware on the server requires this privilege.

Determining the primary domain

1. Log in as local Administrator.
2. Start a Korn Shell with Start>Programs>Windows Services for UNIX>Korn Shell.
3. Enter pdomain. The output of the command is the name of the primary domain.
4. Enter exit to terminate the shell.
5. It is recommended that you create the user account on the machine that controls the domain listed. The group account should be created on the machine on which Vitalware is being installed.

Windows XP Professional - Adding user vw

1. Log in as local Administrator.
2. Open Start>Control Panel, if not in Classic View then switch from Category View to Classic View.
3. Double-click through to Administrative Tools>Computer Management>Local Users and Groups.
4. In the left hand window pane expand the Local Users and Groups folder and click the Users folder.
5. Select New User... from the Action menu.
6. The New User dialog box will open.
7. Enter a User Name: vw (do not use DOMAIN+vw here).
8. Enter a Full Name: KE Vitalware Administrator
9. Enter a Description: (leave empty)
10. Enter a Password:
    In order for the SFU security system to function automatically the vw account must have a password and the password must not be modified.
11. Re-enter the password in Confirm Password:
12. Uncheck User Must Change Password at Next Login.
13. Check User Cannot Change Password.
14. Check Password Never Expires.
15. Add the user by clicking the Create button.
16. Close the Add User dialog box.
17. Double-click on the vw user in the user list on the right-hand-side of the User and Groups window.  The vw Properties dialog box will appear.
18. Select the Profile tab.
19. In the Home Folder section enter the full Local path:  where KE Vitalware is to be installed.
    Typically this will be c:\home\vw
20. Click the Apply button.
21. Click the OK button.
22. Leave the Users and Groups window open for the next step.

Windows XP Professional - Adding local group vwadmin

1. In the left hand window pane expand the Local Users and Groups folder and click the Groups folder.
2. Select New Group... from the Action menu.  The New Group dialog box will appear.
3. Enter vwadmin as the Group Name.
4. Enter KE Vitalware Admin as the Description.
5. Click the Add... button and the Select Users or Groups dialog box will appear.
6. Click the Locations... button and the Locations dialog box will appear.
7. Select the name of the domain user vw belongs to and click OK.
8. Enter vw into the Enter the object names to select: box. Click OK.
9. If vw is not in the local domain, the Enter Network Password dialog box will appear. Enter a User name: and Password: of a user registered in the domain in which vw is a member. Click OK.
10. Click Create to add the new group. 
11. Click Close to close the dialog.
12. Close the Users and Groups window.
13. Close User Accounts dialog box.
14. Close Control Panel.

Windows 2000 Professional - Adding user vw

1. Log in as local Administrator.
2. Open Start>Settings>Control Panel and double-click on the Users and Passwords icon.
3. Select the Advanced tab and click on the Advanced... button.
4. Double-click the Users folder in the Users and Groups list on the left-hand-side.
5. Select New User... from the Action menu.
6. The New User dialog box will open.
7. Enter a User Name: vw
8. Enter a Full Name: KE Vitalware Administrator
9. Enter a Description: (leave empty)
10. Enter a Password:
    In order for the SFU security system to function automatically the vw account must have a password and the password must not be modified.
11. Re-enter the password in Confirm Password:
12. Uncheck User Must Change Password at Next Login.
13. Check User Cannot Change Password.
14. Check Password Never Expires.
15. Add the user by clicking the Create button.
16. Close the Add User dialog box.
17. Double-click on the vw user in the user list on the right-hand-side of the User and Groups window.  The vw Properties dialog box will appear.
18. Select the Profile tab.
19. In the Home Directory section enter the full Local Path:  where KE Vitalware is to be installed.
    Typically this will be c:\home\vw
20. Click the Apply button.
21. Click the Close button.
22. Close the Computer Management window.
23. Close Administrative Tools window.
24. Close Control Panel.

Windows 2000 Professional - Adding local group vwadmin

1. Log in as local Administrator.
2. Open Start>Settings>Control Panel and double-click on the Users and Passwords icon.
3. Select the Advanced tab and click on the Advanced... button.
4. Double-click the Groups folder in the Users and Groups list on the left-hand-side.
5. Select New Group... from the Action menu.  The New Group dialog box will appear.
6. Enter vwadmin as the Group Name.
7. Enter KE Vitalware Admin as the Description.
8. Click the Add... button and the Select Users or Groups dialog box will appear.
9. Select the domain user vw is in, in the Look in: list.
10. Find user vw in the Names: list. Double click on the entry to add vw.
11. Click OK to close the dialog.
12. Click Create to add the new group. 
13. Click Close to close the dialog.
14. Close the Users and Groups window.
15. Close Users and Passwords dialog box.
16. Close Control Panel.

Windows 2000 Server - Adding user vw

1. Log in as local Administrator.
2. Open Start>Programs>Administrative Tools>Active Directory Users and Computers.
3. Double-click the Users folder in the Tree pane on the left-hand-side.
4. Select New>User from the Action menu.
5. The New Object - User dialog box will open.
6. Enter a First Name: KE Vitalware
7. Enter a Full Name: KE Vitalware Administrator
8. Enter a User logon name: vw
9. Click Next>.
10. Enter a Password:
    In order for the SFU security system to function automatically the vw account must have a password and the password must not be modified.
11. Re-enter the password in Confirm Password:
12. Uncheck User must change password at next login.
13. Check User cannot change password.
14. Check Password never expires.
15. Click Next>.
16. Add the user by clicking the Finish button.
17. Double-click on the vw user (KE Vitalware Administrator) in the user list on the right-hand-side of the Active Directory Users and Computers window.  The KE Vitalware Administrator Properties dialog box will appear.
18. Select the Profile tab.
19. In the Home folder section enter the full Local path:  where Vitalware is to be installed.
    Typically this will be c:\home\vw
20. Click the Apply button.
21. Click the OK button.
22. Close the Active Directory Users and Computers window.

Windows 2000 Server - Adding local group vwadmin

1. Log in as local Administrator.
2. Open Start>Programs>Administrative Tools>Active Directory Users and Computers.
3. Double-click the Users folder in the Tree pane on the left-hand-side.
4. Select New>Group from the Action menu.  The New Object - Group dialog box will appear.
5. Enter vwadmin as the Group name:.
6. Click Domain Local in the Group scope group box.
7. Click OK to add the new group.
8. Double click on group vwadmin in the list of user in the right hand pane. The vwadmin Properties dialog box will appear.
9. Enter KE Vitalware Admin as the Description:.
10. Select the Members tab and click the Add... button. The Select Users, Contacts, Computers, or Groups dialog box will appear.
11. Select the domain user vw is in, in the Look in: list.
12. Find user vw (KE Vitalware Administrator) in the Name list. Double click on the entry to add vw.
13. Click OK to close the dialog box.
14. Click OK to close the vwadmin Properties dialog box.
15. Close Active Directory Users and Computers dialog box.

Windows 2000 Server - Adding Log on locally privilege

The Log on locally privilege is required so that users can start up the Vitalware server on the Windows server machine.

1. Log in as local Administrator.
2. Open Start>Programs>Administrative Tools>Domain Controller Security Policy.
3. The Domain Controller Security Policy dialog box will appear.
4. Open Security Settings>Local Policies in the Tree pane on the left hand side.
5. Click on User Rights Assignment in the left pane to get a list of all local settings in the right pane.
6. Double click on Log on locally and the Security Policy Setting dialog box will appear.
7. Click the Add... button. The Add user or group dialog will appear.
8. Click Browse....The Select Users or Groups dialog will appear.
9. Select each user who will use Vitalware (or a group in which they are all members like Domain Users) in the Name list and click Add.... Also make sure the vw (KE Vitalware Administrator) account has been added.
10. Click OK.
11. Click OK to close the Add user or group dialog box.
12. Click OK to close the Security Policy Setting dialog box.
13. Close the Domain Controller Security Policy window.
14. Reboot the server. New security policies are not recognised by Windows 2000 server machines until the server has been rebooted. Do not continue the installation until that has occurred.

Windows 2003 Server - Adding user vw

1. Log in as local Administrator.
2. Open Start>Programs>Administrative Tools>Active Directory Users and Computers.
3. Double-click the Users folder in the Tree pane on the left-hand-side.
4. Select New>User from the Action menu.
5. The New Object - User dialog box will open.
6. Enter a First Name: KE Vitalware
7. Enter a Full Name: KE Vitalware Administrator
8. Enter a User logon name: vw
9. Click Next>.
10. Enter a Password:
    In order for the SFU security system to function automatically the vw account must have a password and the password must not be modified.
11. Re-enter the password in Confirm Password:
12. Uncheck User must change password at next login.
13. Check User cannot change password.
14. Check Password never expires.
15. Click Next>.
16. Add the user by clicking the Finish button.
17. Double-click on the vw user (KE Vitalware Administrator) in the user list on the right-hand-side of the Active Directory Users and Computers window.  The KE Vitalware Administrator Properties dialog box will appear.
18. Select the Profile tab.
19. In the Home folder section enter the full Local path:  where Vitalware is to be installed.
    Typically this will be c:\home\vw
20. Click the Apply button.
21. Click the OK button.
22. Close the Active Directory Users and Computers window.

Windows 2003 Server - Adding local group vwadmin

1. Log in as local Administrator.
2. Open Start>Programs>Administrative Tools>Active Directory Users and Computers.
3. Double-click the Users folder in the Tree pane on the left-hand-side.
4. Select New>Group from the Action menu.  The New Object - Group dialog box will appear.
5. Enter vwadmin as the Group name:.
6. Click Domain Local in the Group scope group box.
7. Click OK to add the new group.
8. Double click on group vwadmin in the list of user in the right hand pane. The vwadmin Properties dialog box will appear.
9. Enter KE Vitalware Admin as the Description:.
10. Select the Members tab and click the Add... button. The Select Users, Contacts, Computers, or Groups dialog box will appear.
11. Select the domain user vw is in, in the Look in: list.
12. Find user vw (KE Vitalware Administrator) in the Name list. Double click on the entry to add vw.
13. Click OK to close the dialog box.
14. Click OK to close the vwadmin Properties dialog box.
15. Close Active Directory Users and Computers dialog box.

Windows 2003 Server - Adding Log on locally privilege

The Log on locally privilege is required so that users can start up the Vitalware server on the Windows server machine.

1. Log in as local Administrator.
2. Open Start>Programs>Administrative Tools>Domain Controller Security Policy.
3. The Domain Controller Security Policy dialog box will appear.
4. Open Security Settings>Local Policies in the Tree pane on the left hand side.
5. Click on User Rights Assignment in the left pane to get a list of all local settings in the right pane.
6. Double click on Allow log on locally and the Security Policy Setting dialog box will appear.
7. Click the Add... button. The Add user or group dialog will appear.
8. Click Browse... The Select Users or Groups dialog will appear.
9. Select each user who will use KE Vitalware (or a group in which they are all members like Domain Users) in the Name list and click Add.... Also make sure the vw (KE Vitalware Administrator) account has been added.
10. Click OK.
11. Click OK to close the Add user or group dialog box.
12. Click OK to close the Security Policy Setting dialog box.
13. Close the Domain Controller Security Policy window.
14. Reboot the server. New security policies are not recognised by Windows 2003 server machines until the server has been rebooted. Do not continue the installation until that has occurred.

Creating the vw home directory

The home directory for the vw user account must now be created. It is very important that the home directory is created via Microsoft Windows Services for UNIX so that the correct permissions are given to the directory. These notes assume the vw home directory is c:\home\vw and that the home directory does not exist. If the directory already exists it is advisable to rename it so that a new directory can be created. 

1. Log in as local Administrator.
2. Start a Korn Shell with Start>Programs>Windows Services for UNIX>Korn Shell.
3. Enter mkdir  -p  /dev/fs/C/home/vw
4. Enter cd  /dev/fs/C/home
5. Enter chmod  755  vw
6. Enter chgrp  [vwadmin]  vw    (expand [vwadmin] - see above)
7. Enter chown  [vw]  vw         (expand [vw] - see above)
8. Enter exit to terminate the Korn shell.