NAS Permissions

Styvie Member Posts: 77
Does anyone have an idea of what exact rights NAS requires to run on a Windows Server 2003 server?

I have added the NAS user (my Windows login account) to the Power Users, and NAS refuses to start. The service does not respond in a timely fashion, and the Service Control Manager states that the service did not respond in 3000 milliseconds etc.

(For test purposes, NAS does very little once logged in, just writes a message to a log to verify login).

We then added the NAS user to the Administrators group and NAS starts perfectly.

I have a client who is not happy with having this sort of account in the administrators group.

Any ideas how to get around this?

Thanks.

Comments

  • andrejsm Member Posts: 122
    Full information about permission setup could be found in the "Navision - Security Hardening Guide.pdf", which is on the product CD and on PartnerSource.
    Andrejs Muraskins
  • DenSter Member Posts: 8,307
    Is the NAS User a valid user in Navision? It's usually a matter of creating the user in Navision (don't forget roles and permissions), and making sure that the windows account has permissions to be used as a service account. It should not be necessary to make the NAS user a member of the admin group.
  • Styvie Member Posts: 77
    My NAS account has logon as a service right, and is a valid Windows User in Navision, and logs in correctly once the user is part of Local Administrators group.

    When the user is a power user, I just get no response from the service, and it fails to start. Not even an error message in Application log. Service log says that the service failed to respond in a timely fashion.

    The Security Hardening Guide only says that the NAS account should not be part of the administrators group.... nothing more.

    Any ideas of how I can find what the error is?

    We are using 3.7B Navision on SQL 2000.
  • DenSter Member Posts: 8,307
    Is your NAS trying to write a test message to a restricted folder or something? I've never heard that the Windows user must be part of the admin group.
  • Styvie Member Posts: 77
    I wish it was that complicated...

    My NAS is writing a message to a Navision table (Log table) that it has full access to.

    This is just for test purposes. In reality it will be listening for MSMQ messages etc...

    NAS has role SUPER allocated to it.
  • DenSter Member Posts: 8,307
    That is really weird. Can you try commenting out all the writing stuff (i.e. take away everything that you need any type of permission for) and simply putting in a MESSAGE? I always start my NAS projects with a codeunit with a simple message ("NAS started successfully") that should then show up in the event log.
  • Styvie Member Posts: 77
    Tried that as well... I have messages to say "Started Successfully"..."Writing to Log", "Successfully written to Log" etc...

    No messages.. not even the usual NAS startup one appears in the event log if the user is not a local administrator.

    What's even stranger to me is that if I change the credentials to a non-admin account that does not have a login to the database, I get the usual "Incorrect user name and password" in the event log.

    Think I am going to have to leave it as admin for now... maybe I will find the problem after a while.
  • DenSter Member Posts: 8,307
    So just to get it straight...

    You have a Windows login (say john.smith) set up with the SUPER role in Navision. This login has permissions to run as a service.

    If this account is a member of the admin group, you can get NAS to start. When you take the admin group away, NAS won't start?