Groups And Accounts Created For Impax - AGFA IMPAX AS300 Installation Manual

Impax 6.3

• All IMPAX services are configured to run under restricted user accounts that can access only the
resources they need. These accounts are created during the IMPAX installation.
• To ensure that the SQL database account used for access does not have administrative privileges,
access to dangerous and unnecessary extended stored procedures is removed or disabled. Limiting
the privileges of the account reduces the risk of SQL injection attacks or exposure to other database
vulnerabilities. For each extended stored procedure that must be armored, the armoring script
denies the execute permission for the SQL Server account used by IMPAX (mvf).
• IPSEC policy filters are created and applied to block external access to unused ports. The intent
is to block ports that are not in use and where insecure services could reside if accidentally
configured and started. As DICOM devices are added to the system, the IPSEC filters are adjusted
to allow communication to these external devices. These filters are listed in the local security
policy as dynamic filters.
Tip:
For more information on security, including the list of services disabled by the IMPAX installation
and the security policies applied, refer to the Administration Tools component of the IMPAX 6.3
Server Knowledge Base.
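
To check the result of the armoring described above, the following query (an added example, not part of the IMPAX installation or its armoring script) lists every extended stored procedure in master with the explicit EXECUTE state recorded for the mvf account. It assumes mvf is a SQL Server login mapped to a user in master; this page does not list which procedures are armored, so anything not denied is flagged for review rather than as a failure.

```sql
-- Added example: audit EXECUTE rights on extended stored procedures for the
-- IMPAX SQL Server account (mvf). Run in master with rights to view permissions.
-- Assumption: mvf is a login mapped to a database user in master.
USE master;

WITH exec_perms AS (
    -- Explicit object-level EXECUTE entries (GRANT or DENY) per database user
    SELECT dp.major_id, dp.state, dp.state_desc, u.sid, u.name AS user_name
    FROM sys.database_permissions AS dp
    JOIN sys.database_principals AS u
      ON u.principal_id = dp.grantee_principal_id
    WHERE dp.class = 1                      -- object or column
      AND dp.minor_id = 0                   -- the object itself, not a column
      AND dp.permission_name = N'EXECUTE'
)
SELECT
    o.name                           AS extended_proc,
    COALESCE(m.state_desc, 'none')   AS mvf_explicit_state,
    COALESCE(pub.state_desc, 'none') AS public_explicit_state,
    CASE
        WHEN m.state = 'D' THEN 'denied for mvf'
        WHEN m.state IN ('G', 'W') OR pub.state IN ('G', 'W')
            THEN 'granted to mvf or public: review'
        ELSE 'no explicit EXECUTE entry'
    END                              AS finding
FROM sys.all_objects AS o
LEFT JOIN exec_perms AS m
       ON m.major_id = o.object_id
      AND m.sid = (SELECT sid FROM sys.server_principals WHERE name = N'mvf')
LEFT JOIN exec_perms AS pub
       ON pub.major_id = o.object_id
      AND pub.user_name = N'public'
WHERE o.type = 'X'                          -- extended stored procedures
ORDER BY finding, o.name;
```

The query reads explicit permission entries only; rights that mvf might gain through membership in roles other than public are not evaluated.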

Groups and accounts created for IMPAX

During the IMPAX installation, the ImpaxServerGroup group is created and the list of files and registry
keys that this group has full access to is configured. The Administrators group is automatically created
by Windows; however, the list of files and registry keys that this group has access to is modified during
the IMPAX installation.
The following accounts are created by the IMPAX installation program. The ImpaxAdminUser account
is created only if you are using a jukebox or non-jukebox archive.
| Account | Groups they belong to | Services that run under the account |
|---|---|---|
| ImpaxSQLUser | ImpaxServerGroup; Backup Operators (for tape access, if required) | MSSQLSERVER; SQLSERVERAGENT |
| ImpaxAdminUser | Administrators; ImpaxServerGroup | mvf-sdrive; mvf-archive |
| ImpaxServerUser | ImpaxServerGroup | All IMPAX services except Task Scheduler and those services that communicate with a tape device. Task Scheduler runs under the Local System account. |

IMPAX 6.3 AS300 Installation Guide
