3.4.2 Operation by general user accounts

When executing Cosminexus HTTP Server as a service, the user account is LocalSystem at the time of installation. Cosminexus HTTP Server, including CGI programs and the API connection module, is executed by this user account.

This section describes how to operate Cosminexus HTTP Server by using a general user account to which only permissions required for operation have been set, without belonging to a group that has various permissions.

Organization of this subsection
(1) Creating a general user account
(2) Assigning the user permissions
(3) Changing the service logon account
(4) Specifying access permissions for directories and files
(5) Starting the service
(6) Notes

(1) Creating a general user account

This section describes how to create a general user account to start Cosminexus HTTP Server service.

How to create a general user account
  1. From the Control Panel, open Administrative Tools, and then Computer Management.
  2. In Computer Management, open System Tools, Local Users and Groups, and then Users.
  3. From the Action menu, select New User, and then enter the necessary information.
    Be sure to enter a password. Also, specify whether the password never expires.

By default, group settings are added to a created general user account. Execute the following procedure to delete the group settings.

How to delete group settings
  1. From the Control Panel, open Administrative Tools, and then Computer Management.
  2. In Computer Management, open System Tools, Local Users and Groups, and then Users.
  3. Show the Properties of the new user, and then display the Member Of tab.
  4. Delete the registered groups.

(2) Assigning the user permissions

This section describes how to assign user permissions to the created general user account.

How to assign user permissions
  1. From the Control Panel, open Administrative Tools, and then Local Security Policy.
  2. Open Security Settings, Local Policies, and then User Rights Assignment.
  3. Double-click Log on as a Service to open it.
  4. Click the Add user or group button, and then add the corresponding user account.

Even if you do not explicitly specify the Log on as a Service permission, the permission is automatically added to the general user that changed the service logon account. For details about changing the service logon account, see (3) Changing the service logon account.

(3) Changing the service logon account

This section describes how to change the Cosminexus HTTP Server service logon account to the general user account.

How to change the service logon account
  1. From the Control Panel, open Administrative Tools, and then Services.
  2. Display the Properties of the Cosminexus HTTP Server service, and then open the Log On tab.
  3. Select the This account radio button, and then specify the general user account. Enter the password that you specified in (1) Creating a general user account correctly.

(4) Specifying access permissions for directories and files

Add full control permissions for the created general user account to the access permissions for directories and files that Cosminexus HTTP Server accesses.

(5) Starting the service

Start the Cosminexus HTTP Server service by using an account that permission to start services. The general user account does not this permission.

(6) Notes

To use the hwstraceinfo command, execute it from a general user account specified in (3) Changing the service logon account. You cannot execute the command by using a user account with Administrators permissions.