Microsoft 4.5.X manual Super-User Configuration, Adding new Super-User Groups

button. The default timeout period is 20 minutes, but if you have a need to make your environment more secure, you can set this as low as 1 minute.

Allowed charset – This is the set of characters (case insensitive) which are acceptable in user-defined answers. Both the answer configuration and the identity verification login use this set to filter answers before performing any queries to the database. This prevents SQL injection attacks and the use of SQL escape characters in the answer strings. By default, this includes the letters A-Z, the numbers 0-9, and the space character.

The Account Reset Console also protects you from other malicious attacks in the following automatic ways:

Sessions, not cookies – ARCWeb uses only server-side sessions to store login information, not client-side cookies. Names and passwords are not transmitted repeatedly over the network.

Entirely SSL-capable – ARCWeb can be run on a secure HTTP (HTTPS) web server. This will protect all network communications from interception.

Server-side answer verification – All user-provided answer strings are checked in the application logic, not transmitted to the database. Thus, your source databases are protected against SQL injection attacks.
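
The allowed-charset filter and the server-side answer check described above can be sketched as follows. This is an added example, not code from the Account Reset Console: the function names are hypothetical, an in-memory sqlite3 table stands in for a source database, and "filter" is assumed to mean dropping disallowed characters.

```python
import hmac
import sqlite3

# Default set from the manual: letters A-Z, digits 0-9 and the space character.
DEFAULT_CHARSET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789 "


def filter_answer(raw, allowed=DEFAULT_CHARSET):
    """Upper-case the answer and drop every character outside the allowed set."""
    allowed_set = set(allowed.upper())
    return "".join(c.upper() for c in raw if c.upper() in allowed_set)


def make_store():
    """Constructed in-memory table standing in for a source database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE answers (username TEXT PRIMARY KEY, answer TEXT)")
    return db


def configure_answer(db, username, raw_answer):
    """Answer configuration: filter first, then store with bound parameters."""
    db.execute("INSERT OR REPLACE INTO answers VALUES (?, ?)",
               (username, filter_answer(raw_answer)))


def verify_answer(db, username, supplied):
    """Identity verification: the supplied answer never enters the SQL text.

    Only the username is bound into the lookup; the comparison happens here,
    in application logic, on the filtered strings.
    """
    row = db.execute("SELECT answer FROM answers WHERE username = ?",
                     (username,)).fetchone()
    candidate = filter_answer(supplied)
    if row is None or not row[0] or not candidate:
        return False  # unknown user, or nothing left after filtering
    # Constant-time comparison so timing does not leak how much matched.
    return hmac.compare_digest(row[0].encode(), candidate.encode())
```

Because the same filter runs at configuration and at verification, an answer typed with different case or stray punctuation still matches, while quote and comment characters never reach the stored value or the query.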

Super-User Configuration

Overview

Super-Users, or users who can access the “Configuration” menu in the Account Reset Console, are not set by normal administrators. These users must be set through the Super-User configuration screen. Super-Users have all access rights to the console, although they do not necessarily have any reset rights for other groups (see “Managing Group Access Rights”, above).

Super-User configuration is located under the “Configuration” menu item, in the “Super-Users” tab. The Super-User configuration can be managed by users with super-user account privileges.

Adding new Super-User Groups

Super-Users are designated at the domain or local group level, not by individual user account name. Any domain or local group may be designated as a super-user group.

The group(s) which are granted super-user access will be able to configure the properties of ARC such as database, logging, and verification question information.

Page 78 of 94 - Administration Manual - Copyright 2007 - Lieberman Software Corporation - All Rights Reserved
