cancel
Showing results for 
Search instead for 
Did you mean: 
macgruber
New Member
New Member

Free Flow Core Administrative Privileges

Hello,

I have been asked by our IT security department to determine if Free Flow Core can be run without a blanket administrative privileges being assigned or not. We are currently running several FFC services as a specific user with full admin privileges and when ran a test to see how they would act when we revoked them and had regular user permissions them the main Free Flow Core service fails to start, just hangs at starting service but all the others started fine.

Does anyone have any idea exactly what privileges are needed for this service to start correctly? They are hoping to assign specific privileges to this user instead of full admin privileges.  I did assign R/W access to the FFC folders that I could find but it seems it needs more then that. 

I am not very familiar FFC and have not been able to find any other posts regarding this.

Thanks!

0 Kudos
2 Replies
DavidU54339-XRX
FreeFlow Production Workflow Moderator
FreeFlow Production Workflow Moderator

Re: Free Flow Core Administrative Privileges

One needs to have FFCore at 6.0.0 or later. Use the following procedure:

Pre-Requisites: Create a normal user say “test123” -> Computer Management-> Local Users and Groups -> Users->Add New User

1. Install FFCore in Administrator Account
2. Launch FFCore application and login as an Administrator.
3. Launch Core Configure-> Database Connection ->FreeFlow Core Sevice Accout.
4. Uncheck the option "Check this box to use Built-In Windows Account"
5. Provide Service account credentials
6. Click on Save button, it will pop-up confirmation message to restart the machine->Click on "Yes" button.
7. Now system login as service account
"test123"
8. Launch FFCore application and Try to login.

config.png

0 Kudos
Ken895741-XRXL
Xerox Analyst
Xerox Analyst

Re: Free Flow Core Administrative Privileges

So, first off, the software should be installed using an Administrator account or a user with Admin rights.  However, after the installation, FreeFlow Core mostly does not need users to access the windows desktop.  As such, you will be using the "FreeFlow Core" users which you can set an administrator and then specific user accounts in the FreeFlow Core software (web browser).

Then for the Windows server / computer if a user needs to access the computer, it is possible to add standard users to windows that can of course then access and use FreeFlow Core. They would of course be blocked from doing some things like maybe creating shared network folders etc based on the user credentials. But they can access the FreeFlow Core software via a browser. Then when needed, log on via the admin account to do things like Windows OS updates, create network shares, activate FreeFlow Core licenses or update FreeFlow Core software (should always be done with admin account).

I would not recommend running any of the FreeFlow Core services on only a 'user' account. Some modules will fail to run due to insufficient access rights. Often the specific module licenses will not activate.

I have many customers where IT sets up the server OS using their admin accounts, install Core, then we validate the software is running and working, setup an admin and users in the FreeFlow Core software, and then pass it over to the users. At that point, none of the users have access to the windows server. When needed, we contact IT, run the necessary updates and move on. Thus the users dont need admin rights (but it is much easier when someone in production has the admin rights when needed).

Hope this helps

0 Kudos