This document will guide you through how to use the WIN-911 Security Configuration utility to change the WIN-911 service account and enable or disable HTTP endpoint security for inter-module communication.
WIN-911 consists of several modules which work together to make alarm notification possible. For example, data source modules interface with SCADA software to receive alarms, these alarms are then sent to the Dispatcher, which then routes the alarm to the configured notifier. These modules run as Windows services and communicate with each other over HTTP endpoints. The Windows account that the services run under are also used to authenticate with the SQL instance which stores WIN-911's configuration. Meaning, the account the WIN-911 services run under must be able to authenticate with the SQL instance and have read/write access to the WIN-911 databases.
By default, WIN-911 will run these services under the NT Authority\Network Service account with endpoint authentication disabled. If you would like to change these defaults, the WIN-911 Security Configuration utility can be used to do so.
Note: The WIN-911 Security Configuration utility will be installed with WIN-911 2021 and newer. If you have uninstalled the utility, you can reinstall it using the install in the Tools folder of the WIN-911 installation download.
1. From the WIN911_2021 folder navigate to Tools and run the WIN911_S.exe.
2. Click Next in the Account Change Utility Setup Menu.
3. Accept the license agreement and click Next.
4. Click Next on the Destination Folder screen and then Install on the next screen.
5. The setup will install, click Finish, when prompted by the Setup Menu.
3. Change WIN-911 Service Account
1. From your Windows Start Menu, scroll down to the WIN-911 folder and click the WIN-911 Account Change Utility.
2. Enter in the Account Name and Password you would like to set the Runtime Services and Application Pools for WIN911 to use. Hit Change Account once you have the credentials set. The user account you use must be a local administrator and have the sysadmin role for the SQL instance being used by WIN-911
2A. Click the Browse button to see a list of available local administrator user accounts
Note: The browse function will only show Administrator users.
Note: If the user you attempt to change the account to does not have permissions in the SQL database as Sysadmin you will receive the error message below. You also need to be logged in/running the Utility as a user with Sysadmin for the SQL database.
See the first section of this article for how to add the account to SQL Server: Add account to SQL as sysadmin
3. Once you click Change Account, the process takes time as it will change all of the WIN911 Service Runtimes and all of your WIN911 IIS Application Pools credentials, it may appear that the utility has stopped responding, do not shut the utility down until it has completed. When done the Utility will state the WIN-911 Account Change Completed. Hit Exit, to close the Utility.
4. Contact Support
If you are still experiencing a problem, please submit Support Ticket or contact Product Support at 512-326-1011 x3 or toll free in the US and Canada at 1-800-331-8740 x3