THE INFORMATION IN THIS ARTICLE APPLIES TO:
- EFT Insight, all versions
Insight appears to create a couple of accounts during installation. What are these accounts for?
Q. Insight appears to create a couple of accounts during installation. What are these accounts for?
A. The InsightDB_MigrationLogin account is used to create the Insight tables and alter the tables when needed. This user is a db owner.
The InsightDB_Login account is used to insert and read data in the Insight database. This user is a db reader and writer.
Q. Are these accounts local to Insight? Are they windows accounts? Are they also present in the database? What role are they assigned?
A. These are SQL Server database logins. They are not Windows accounts.
Q. How are these accounts protected? Are the passwords static or random or?
A. EFT creates a random password for each account.
Q. What rules does EFT use to generate the random password? Does it use window’s complexity rules? Or its own set of rules?
A. The password is 20 characters long and is created by a third-party password generator (https://nsis.sourceforge.io/Pwgen_plug-in)
Q. Can the generated passwords be modified?
A. If the SQL Server administrator changes these passwords in SQL Server, the new passwords need to be updated in Insight’s web.config and Globalscape.BI.ProcessingEngine.Service.exe.config. These files need to be decrypted before changes can be made.
Q. How do I decrypt web.config?
A. To decrypt web.config:
- Create new folder to work in, e.g., C:\temp or your desktop.
- Copy the web.config file from C:\inetpub\EFTInsight\Api to C:\temp
- Create a batch file called decrypt.bat with the following line:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "C:\inetpub\EFTInsight"
- Right-click the batch file and run it as administrator. The file is now decrypted, and passwords can be changed.
If you want to keep the file unencrypted, you can now move it back to the original location and use it as is.
If you want to encrypt the file again:
- The file should already be in the folder C:\temp
- Create a batch file called encrypt.bat with the following line:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "C:\inetpub\EFTInsight"
- Right-click the batch file and run it as administrator.
- Move the file back to the folder it came from.
The other file that needs to be changed is C:\Program Files (x86)\Globalscape\EFT Insight\Globalscape.BI.ProcessingEngine.Service.exe.config.
To decrypt this file, do the same as for the web.config. However the file needs to be renamed to web.config, because the aspnet_regiis.exe expects the file name to be web.config.
Q. Why change the passwords in two places?
A. Insight has two different applications, one service that moves data from ARM to InsightDB, and one web application that serves data from InsightDB to the user through a web interface.