Access to the Deployment Server

[JN2006]

Hello everyone,
I am trying to find if there are any issues allowing individual CNC administrators access to JDE servers?

We have a SOX audit going on and the auditors raised some questions regarding the administrative access of CNC user. We use a common id to login to all JDE servers and carry out CNC activities.

i would like to know, if our CNC administrators can use their individual Active Directory IDs to login to the servers and carry out all CNC activities?

I faintly remember that some of the previous installation guides of JDE mentioned creating user JDE or PSFT on the deployment server before starting the installation.


Any help in this query would be most welcome.

Thanks
E1 8.12, 8.97.1.1 WAS 6.0.2.13, win 2K, SQL Server 2005 SP2.

 

[DRezanka]

It depends. No problem with the clients. I wouldn't do any enterprise server administration without logging in with the common profile (JDE, PSFT, ONEWORLD). Note this is from an AS400 ES perspective. I don't have much experience with the Intel / Unix side. It seems it wouldn't matter for those platforms.

 

[DRezanka]

I meant the Deployment Server too. We have no problem managing it with our individual accounts.

 

[JN2006]

Thanks DRezanka
I wanted to know if its a common practice to use individual accounts to manage Windows JDE servers or should a generic account like JDE or PSFT be used?
I faintly remember that in older installation guides for XE till 8.10 there used to be instructions to create a user JDE or PSFT and give it administrative access on all the JDE servers.

Does that still hold true or from 8.12, we can use our own individual IDs and just give them proper administrative access.

Thanks..

 

[gregglarkin]

[ QUOTE ]
i would like to know, if our CNC administrators can use their individual Active Directory IDs to login to the servers and carry out all CNC activities?

I faintly remember that some of the previous installation guides of JDE mentioned creating user JDE or PSFT on the deployment server before starting the installation.


[/ QUOTE ]

Our shop has gone through a bunch of SOX audits. As a best practice, each CNC has a seperate JDE ID and Lan ID to access the deployment and enterprise servers. This gives a measure of accountablity. We have shared access to the JDE account, but very strict rules as to when it is used. I use it regularily for package builds. That is documented. If I am doing other tasks like service packs (tools releases) or ESUs, that require the use of the JDE ID, those are also documented through change control.

Recently, we added another layer. I have two lan IDs now. One for accessing the servers, and the other for regular use on my PCs and accessing the internet. The server lan accounts are strictly for accessing the JDE and other servers. If I am downloading patches, or otherwise accessing the internet, I use my standard lan account. This way, if my lan account gets hijacked, the servers are not vulnerable.

Gregg