E10 Admin Consoel App userid's

system · August 17, 2016, 9:30am

<p>Calvin,</p>
<p>The dedicated account is an administrator on the app server.Â  I
  typically log into the server as that user, set all web app pools,
  task agent, and all service connect services to run as that user.Â 
  The account needs to be mapped to a user in Epicor and that users
  should have access to all companies, plants, and &quot;allow session
  impersonation&quot; for the task agent.<br>
</p>
Thanks,<br>
Tanner<br>
<br>
<div class="ygrps-yiv-602003315moz-cite-prefix">On 8/16/2016 2:06 PM,
  <a rel="nofollow" class="ygrps-yiv-602003315moz-txt-link-abbreviated" target="_blank" href="mailto:ckrusen1@...">ckrusen1@...</a> [vantage] wrote:<br>
</div>
<blockquote><span title="qreply"> <blockquote type="cite"> <span

style=“display:none;”>Â

      <div id="ygrps-yiv-602003315ygrp-text">
        <p>Thanks - I wasn&#39;t looking for advice on password
          practices. Â Just on accounts for various parts of the
          system.</p>
        <div><br>
        </div>
        <div>We too have a dedicated domain account whose pw never
          expires. Â Is that the account used in setting up the App
          in the Admin Console? Â </div>
        <div>Does that AD account map to an Epicor user in E10?</div>
        <div><br>
        </div>
        <div>Thanks again,Â </div>
        <div><br>
        </div>
        <div>Calvin</div>
      </div>
      
  
  
</blockquote>
<br>

system · August 15, 2016, 11:24am

I set up E10 and when ever the App Configurations using Windows Authentication. Whenever a user id & pw was required I entered mine (I have admin rights).

Reviewing the App Server Configuration settings, the Application Pool user is set to my user id. Or system requires a change to users pw's every 90 days.

When I change my password, will this then "break" E10?

What are the best practices for the accounts used for setting up and running E10?

* App Server \ App Server Settings \ Application Pool
* Task Agent
* Epicor ICE Task Agent Service \ Log On

And what AD (active Directory) accounts used are required to have an Epicor user?

I currently have:

1. AD account '_glbl_epicor' This AD's pw never expires.

2. AD account 'ckrusen' This This AD's pw must be changed regularly.

3. I logon to the App server (to run Epicor Admin Console) with the ckrusen account

4. Configure App Server Site Properties \ Application Pool to use ckrusen account

5. Created a Epicor User 'ckrusen', with domain: <our domain> and OS user: ckrusen

6. Created a Epicor User 'print', with no domain or OS user

7. Created a Epicor User 'manager', with domain: <our domain> and OS user: _glbl_epicor

8. Created a System Agent (in E10) using epicor id 'print'

9. Created Task Agent (in Admin Console \ Task Agent Service Config for 3.1.400.0) for App with user id 'print'

#4 is what worries me.

Any comments would be greatly appreciated.

system · August 16, 2016, 10:04am

We are running single sign-on and use a dedicated domain account to act as an Epicor service account with no password expiration to run all Epicor services. I don't know what best practice is as far as password expiration is, but it has been my experience that things get missed when expiring passwords on services (and some poorly written software has these passwords stored in other places).

Thanks,
Tanner

system · August 16, 2016, 3:06pm

Thanks - I wasn't looking for advice on password practices. Just on accounts for various parts of the system.

We too have a dedicated domain account whose pw never expires. Is that the account used in setting up the App in the Admin Console?

Does that AD account map to an Epicor user in E10?

Thanks again,

Calvin