Windows authentication with designated account

This feature is not supported in environments that use the Workspace Control Shield API.

When using a Microsoft SQl Database and connecting to it with Windows Authentication, you can specify a Designated Windows account for IWCDatastore access. This makes it possible for the IWCConsole to connect to the Datastore using a designated account if the Console-user does not have Datastore access with his own Windows account. This configuration restricts the designated account access to the database only from the IWCConsole.

The designated account can be configured as follows:

• For new Datastores, in the Datastore Wizard.

• For existing and migrated Datastores, at Setup > Datastore.

After having migrated a Datastore, make sure the designated account is also member of the new Active Directory group.
To check if the specified designated account still works for your migrated or split , on the Datastore node in the , click . A message will be displayed if the designated account does not work for the migrated .

When a user is connected to the Console and a designated Windows account is used for access to the Datastore, switching to another Datastore and back again to the initial Datastore will cause failed connection to the Datastore with the designated account.

Please note that in the Datastore Connection Wizard the credentials of the Datastore connection are displayed. For SQL Server Authentication, the credentials can be changed, for Windows Authentication, the credentials are grayed out.

When using Windows Authentication with a designated account, in the Audit trail (at Diagnostics > Audit Trail) the changes in your environment are logged with the current user information. On your Microsoft SQL Server, the changes in the Datastore are logged with the designated account information.