 |
|
| PC Files Server Administration |
Authentication
Authentication enables PC Files Server system administrators to secure the server and enforce security. You can configure PC Files Server so that a User ID and a password are required to connect to a server and access files. You can also configure PC Files Server on specific hosts to require a User ID and password.
All the commands that allow server access support user authentication. The credentials supplied to PC Files Server are verified against the Windows login database. These are the same credentials that are required to interactively logon to a PC.
SERVERUSER=, SERVERPASS=, and SSPI= options have been added to the LIBNAME statement, and the IMPORT and EXPORT procedures. Use these options with PC Files engine to supply credentials to the PC Files Server.
See the LIBNAME Statement: PC Files on Microsoft Windows and the File Format-Specific Reference for the IMPORT and EXPORT Procedures.
Note: If the client PC is on a domain, the credentials are compared
to the domain data, instead of the local data. ![[cautionend]](../../../../common/63294/HTML/default/images/cautend.gif)
| Access to PC Files Server |
Access to the server is granted only if the credentials supplied are valid on the target PC. When connecting from a UNIX workstation to the PC, the UNIX credentials (User ID and password) can be different from the credentials used to access the PC files.
| Access to Individual Files |
After the server is secured, the server administrators can enable security settings at the file level. When a server connection is established, access to individual files is secured using the credentials specified by the user. File access is administered as if the client is logged on to that PC.
| System Administrator Tasks |
To enforce a security policy, the system administrator should ensure that the
-
Local security policy is configured, see Local Security Policy Configuration.
-
Server authentication is configured, with PC Files Server desktop application. Start
![[arrow]](../../../../common/63294/HTML/default/images/arrow.gif)
All Programs SAS PC Files Server. Select Authentication
Required. See
Service Options. -
64-bit PC Connections: Allow Integrated Windows Authentication (SSPI). This option is for clients on PCs running 64-bit Windows connecting to PC Files Server. Credentials are exchanged between the server and the client. The client does not have to explicitly set credentials. See Service Options.
-
Access to the server requires a User ID and password using the SERVERUSER= and SERVERPASS= options. For a 64-Bit Windows environment, you can also use the SSPI= option.
| Windows Vista Security Model |
The enhanced Windows Vista Security Model is designed to make it more difficult for viruses, and other software that interferes with computer functions, to install themselves on the PC. When logged in as "Administrator" or part of the "Administrators Group", certain privileges are temporarily not available to the operating system. The privileges are returned when needed and confirmed by "Windows needs your permission to continue" dialog box. This guarantees the user is aware of potential security risks.
When starting the server on Windows Vista, manual intervention is required to enable permissions. The confirmation is not required when running the server as a Windows service or if the Windows Vista security features have been disabled.
|
|
Copyright © 2010 by SAS Institute Inc., Cary, NC, USA. All rights reserved.