Selecting User Validation Options for the Windows Client

The InterAction Windows Client relies on user accounts and passwords when validating that users attempting to log onto Windows Client are authorized. Depending on the security needs at your organization, you can select different user validation options to collect the user account and password from other sources.

You can configure Windows Client to always require accounts and passwords or set up the software to collect the account information from other sources and bypass the Login dialog box.

This section covers the following areas:

• User Validation Overview
• Bypassing the Login Dialog Box vs. Requiring Users to Enter Their Information
• Configuring Network Validation

User Validation Overview

Logging in to Windows Client always requires two pieces of information:

• An Account Name that exactly matches the account name for a valid user.
• A Password that exactly matches the password for the valid user (stored in the database in encrypted format). This requirement can be waived by allowing passwords with a minimum length of 0.

These items are normally collected in the Login dialog box each time a user starts Windows Client.

Windows Client Login Dialog Box

Once a user is logged in to the system, the user account name determines the folders the user can access according to the defined folder access rights.

You can configure Windows Client to do the following:

• Require users to enter the Account Name and Password each time they log on to the system. This option provides the highest level of security.
• Bypass the Login dialog box by gathering the Account Name and Password from other sources. There are a number of different ways to do this, depending on how your organization is using Windows Client and what you need to accomplish.

These options are described and contrasted in “Bypassing the Login Dialog Box vs. Requiring Users to Enter Their Information,” below.

Bypassing the Login Dialog Box vs. Requiring Users to Enter Their Information

As described in “User Validation Overview” above, a user logging in to Windows Client must provide a valid account name and password. This information is normally collected in the Login dialog box each time a user launches Windows Client.

Requiring users to enter all login information each time they log on is the simplest option to implement and provides the highest level of security. However, it requires users to enter their account information each time they use Windows Client.

Alternatively, you can configure your system to bypass the Login dialog box when users launch Windows Client by automatically providing the account name and password from other sources.

Note: Choosing to bypass the login dialog box may increase forgotten password incidents since users are rarely required to enter their passwords.

The following are the available sources to provide the Account Name and Password:

• Network user validation - In this option, a user does not need to provide an account name and password if the account name of the user currently logged into the network operating system matches an active InterAction user account name. If you use this option, the InterAction account names must exactly match the network account names.

• The Windows Client command line - The /u switch indicates user account name; the /p switch indicates password. For example, the following command line launches Windows Client with account name EMROBERTS and the password “SECRETPW”:

  INTRACTN.exe /uEMROBERTS /pSECRETPW

  Note that including a user’s password on the command line of a Windows icon or shortcut is NOT secure on a Windows 98 or ME workstation. An unauthorized user could discover the password for someone else by displaying the properties for the shortcut on the other user’s workstation.

Choosing a User Validation Method

Before you decide how to configure user validation, note the following important points:

• Choosing a method that bypasses the login dialog box may increase forgotten password incidents since users rarely enter their passwords.
• If you do choose to bypass login, you may want to set the passwords to never expire. Users may be confused by a “password expired” prompt if they never actually enter a password.

The option you choose depends on the level of security you want to use.

Configuring Network Validation

As noted in Choosing a User Validation Method, a user must provide Windows Client with a valid user account name and password.

You can configure Windows Client to get this information in a number of different ways.

• To always have users log in to Windows Client using the login dialog box, see “Use Maximum Security Validation” below.

• To let users log in to Windows Client without ever having to use the login dialog box, see either of the following sections:

  • Pass Account Information on the Windows Client Command Line

  • Turn on Network Validation

Use Maximum Security Validation

1. Log on to InterAction Administrator.

2. Follow the procedure in Set User Password Restrictions and set the Minimum Characters password length to a value other than zero.

   This forces users to set and maintain a password.

3. On the main window of InterAction Administrator, double-click User Account and Group Configuration in the entity list.

4. Choose Security.

5. Clear the Password not required when logged onto the network check box.

6. Choose OK.

Pass Account Information on the Windows Client Command Line

1. Add the desired parameter or parameters to the end of the Windows Client command line for the Windows icon or shortcut.

   The following table describes each available parameter and what it does.

   Note: This table only lists the parameters related to account information. The complete list of available command line parameters can be found in the InterAction for Data Stewards and Marketing Users guide.

   Parameter	What it does
   /u[AccountName]	Automatically fills in the Account field in the InterAction Login dialog box with the specified account name.
   /p[Password]	Automatically fills in the Password field in the InterAction Login dialog box with the specified password.
   /u[AccountName]/p[Password]	Completely bypasses the InterAction Login dialog box and logs in using the specified account identifier and password.

2. Note the following guidelines:

   • You can set the command line parameters differently for different users.

   • Do not include a space between the command line switch and its text (for example, /u EMROBERTS does not work).

   • Enclose the text in double quotation marks (") if the text includes spaces. If the name does not include spaces, the quotation marks are unnecessary.

   • When using multiple parameters, include a space between them.

Turn on Network Validation

1. Log on to InterAction Administrator.

2. On the main window of InterAction Administrator, double-click User Account and Group Configuration in the entity list.

3. Choose Security.

4. On the Security Settings dialog box, specify a trusted NT domain(s) for the user workstations in the Domain text box.

   A user must be in one of the specified domains to bypass the Windows Client login page.

   You can specify multiple domains by separating them with semi-colons (;) in the list.

    

   

5. Select the Password not required when logged onto the network check box.

6. Choose OK to save your changes and close the dialog box.