Issue
Creating I/NET Seven User Group
Environment
All I/NET Seven systems
Cause
During routine I/NET Seven Host PC software installation, the Windows operating system group "Everyone" provides access to the I/NET Directory under "Program Files." This configuration works efficiently for most installations operating over an isolated Ethernet network.
However, this configuration grants access to all users and may concern IT administrators tasked with protecting and managing company assets, data and employees. To eliminate this security concern, IT administrators typically create special groups and policies to manage data and restrict access across their Ethernet networks. If this is a concern in your installation, you may create an "InetUsers" Group to restrict access.
Resolution
Please see Customer Advisory CA-2004-03.
To create an "InetUsers" Group to which system users may be assigned, follow the steps outlined in this section. Creating such a group allows you to install I/NET Seven Host PC software on an Ethernet network while conforming to IT policies regarding restricted data access.
"Local Users and Groups" is a tool used for managing such access and is available on the following operating systems:
- Windows 2000 Professional
- Windows XP Professional
- Member Servers running Windows 2000 Server
A local user or group is an account that can be granted rights and permissions from your computer. Domain or global users and groups are managed by your network administrator. You can add local users, global users, and global groups to local groups. However, you cannot add local users and groups to global groups.
"Local Users and Groups" is an important security feature, because you can limit the ability of users and groups to perform certain actions by assigning rights and permissions.
- "Right" authorizes a user to perform certain actions on a computer, such as backing up files and folders or shutting down a computer.
- "Permission" is a rule associated with an object (usually a file, folder or printer) and it regulates which users can have access to the object and in what manner.
"Local Users and Groups" is not available on domain controllers. Use "Active Directory Users and Computers" to manage global users and groups.
"InetUsers" Group Setup
Creating a Group
Perform the following procedure to create an I/NET users group, then assign individuals to that group in Windows. This will restrict access to the I/NET directory to members of that group. By following this procedure, you will be maintaining the “Local Administrative” rights required for I/NET Seven to operate while remaining in compliance with IT policies. If I/NET is not running with “Local Administrative” rights on your PC, parts of the program will fail or not function correctly.
Note: You must log on with Administrative rights on the local machine to perform the following steps.
To create a new local group:
1. Open Computer Management (right click My Computer and select Manage).
2. In the console tree, click Groups.
3. Click Action, and then click New Group.
4. In Group Name, type a name for the new group. We recommend “InetUsers.”
5. In Description, type a description of the new group.
6. Click Create, and then click Close.
Notes:
- To add one or more users to a new group, click Add following Step 5.
- A local group name cannot be identical to any other group or user name on the computer being administered. It can contain up to 256 lowercase characters except for the following:
" / \ [ ] : ; | = , + * ? < >
A group name cannot consist solely of periods (.) or spaces.
Assigning the Group to I/NET
- Open Windows Explorer → My Computer → select the drive that I/NET Seven is on → Program Files → InetSeven.
- Right click InetSeven and select Properties.
- Select the Security tab.
- Select the ADD button.
- Choose the Location button (Windows XP) or the Look in button (Windows 2000).
- Scroll until you find the Computer Name of the PC; highlight this PC Name.
- Then choose OK (Windows XP only).
- In the white box, type the InetUsers group name and select OK.
- Highlight the InetUsers group in the upper window.
- Give the group Full Control in the Permissions for Administrators window view.
- Select Apply and then OK.
- Close out of Windows Explorer.
Regedt32.exe access
- Go to the bottom task bar and choose Start.
- Select the Run option.
- Type Regedt32
- Select OK.
- Choose HKEY_LOCAL_MACHINE
- Choose Software.
- Select and highlight CSI-Control Systems International.
- On the top task bar, select the Security tab.
- Choose Permissions.
- Select the ADD button.
- Choose the Look In button, making sure the location is the Computer Name of your PC.
- Scroll to find the InetUsers group.
- Select the ADD button and then OK.
- With the InetUsers group highlighted, give the group Full Control permissions.
- Choose the Apply button.
- Choose the OK button.
- Go to the top Task bar and choose Registry, then Exit.
After you have completed these steps, close Windows and log off as Administrator. Log on as a User, and then launch I/NET Seven.
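One way to check the result of the two permission procedures above, as an added example that is not part of the advisory: the script reports whether the local group holds Full Control on the I/NET directory and registry key, and which rights "Everyone" still has on each. It assumes a host where Windows PowerShell is available, an installation on drive C:, and a local (not domain) group; the parameter and function names are hypothetical, and the registry key name is taken as the steps above give it.

```powershell
param(
    [string]$Group   = 'InetUsers',                   # name recommended in the procedure
    [string]$InetDir = 'C:\Program Files\InetSeven',  # assumption: installed on drive C:
    [string]$InetKey = 'HKLM:\SOFTWARE\CSI-Control Systems International'  # key name as written in the steps
)

$sidType  = [System.Security.Principal.SecurityIdentifier]
# Well-known SID of "Everyone"; comparing SIDs avoids localized group names.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'

# Resolve the local group; Translate() throws if the group was never created.
$account  = New-Object System.Security.Principal.NTAccount($env:COMPUTERNAME, $Group)
$groupSid = $account.Translate($sidType)

function Test-InetAcl {
    param([string]$Path)

    $acl   = Get-Acl -Path $Path
    # Explicit and inherited ACEs, with identities returned as SIDs.
    $rules = @($acl.GetAccessRules($true, $true, $sidType))

    $groupFull      = $false
    $everyoneRights = @()
    foreach ($rule in $rules) {
        if ($rule.AccessControlType -ne 'Allow') { continue }
        # File and registry ACEs expose their rights under different property names.
        $rights = if ($rule -is [System.Security.AccessControl.FileSystemAccessRule]) {
            $rule.FileSystemRights } else { $rule.RegistryRights }
        if ($rule.IdentityReference.Value -eq $groupSid.Value -and "$rights" -eq 'FullControl') {
            $groupFull = $true
        }
        if ($rule.IdentityReference.Value -eq $everyone.Value) { $everyoneRights += "$rights" }
    }

    New-Object PSObject -Property @{
        Path             = $Path
        GroupFullControl = $groupFull
        EveryoneRights   = ($everyoneRights -join '; ')   # empty when Everyone has no allow ACE
    }
}

$InetDir, $InetKey | ForEach-Object { Test-InetAcl -Path $_ } |
    Format-List Path, GroupFullControl, EveryoneRights
```

A non-empty EveryoneRights value means the "Everyone" entry described under Cause is still present on that object alongside the new group.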
Recommendation
Review this advisory with individuals responsible for purchasing, installing or maintaining I/NET Seven systems. For more information, contact your Schneider Electric representative.