Author | Message

LeeD
Joined: 17 May 2007 Posts: 311 Country: New Zealand

Authentication in Windows version 24x7

So....I have an account defined in 24x7 win version with the same name as my domain account and a password that is different.
When I accidentally entered my domain password to log into that 24x7 account this morning it let me in....so what does the integrated security do if anything if it's not authing the password?

Sun Mar 14, 2010 4:36 pm

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

Can you confirm that "enable user-level security in this job database" option is checked in the scheduler settings?

Sun Mar 14, 2010 9:08 pm

LeeD
Joined: 17 May 2007 Posts: 311 Country: New Zealand

It sure is

Sun Mar 14, 2010 9:30 pm

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

In version 3.x it is supposed to be using your password in the scheduler settings. In v4.x it is supposed to be using your network credentials.
Just one little thing, you are not trying it with Test Connect, are you? Test Connect is a sort of "ping" for pinging physical connections. It prompts for user id/password because it needs it for a physical connection, but it doesn't authenticate your user at that stage. If you do a normal connect, then it is going to authenticate your connection.

Sun Mar 14, 2010 10:41 pm

LeeD
Joined: 17 May 2007 Posts: 311 Country: New Zealand

No, not Test Connect; it's a full connection, shows the job tree and I can browse freely. This is through the 24x7 remote control console.

Sun Mar 14, 2010 11:42 pm

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

We couldn't find a way to reproduce this issue. Are you able to reproduce it on demand?

Mon Mar 15, 2010 3:42 pm

LeeD
Joined: 17 May 2007 Posts: 311 Country: New Zealand

Yep, I just did it. To restate, I have an admin level account within a 24x7 running as a service with user level security on and a password defined which is different from my domain account, which has the same username and is an admin on that box.
I start up 24x7 remote control from my laptop (logged into Windows with my domain account), point it at the server, it asks me to log in, I can enter my domain password to authenticate and I get full access to the job db. I can also enter the password on the 24x7 account. Even worse, I've just tried a string of nonsense and even that will let me in. I don't even need to enter a username which is valid.
I will try with another account logged into my workstation to see whether this is just making a leap to domain auth or if it's actually really insecure.

Mon Mar 15, 2010 5:40 pm

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

That likely indicates that the security option is not enabled in the settings and you can log in using any name and password. I suggest stopping the service, starting 24x7 in GUI mode and verifying the security option state.

Mon Mar 15, 2010 5:55 pm

LeeD
Joined: 17 May 2007 Posts: 311 Country: New Zealand

Considering that I need to log in properly to the web console, that's not the case. Only the correct 24x7 valid uname and password will let me in there.

Wed Mar 17, 2010 12:21 am

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

Which version of 24x7 are you running on your laptop? server?

Wed Mar 17, 2010 12:40 am

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

I was able to reproduce that in 3.6.5. There is surely some defect, perhaps a side effect of some other change. This issue status has been elevated to top level.

Wed Mar 17, 2010 3:26 pm

LeeD
Joined: 17 May 2007 Posts: 311 Country: New Zealand

The remote control client is 3.6.6 while the server is 3.6.1

Wed Mar 17, 2010 5:59 pm

SysOp
Site Admin
Joined: 26 Nov 2006 Posts: 7907

Hi,
Version 3.6.9 has been released. This version fixes the security flaw in the 24x7 Remote Console. For best results you should upgrade both the server and the client computers.
The download link is available on the product home page http://www.softtree.com/24x7/index.shtml

Fri Mar 26, 2010 12:24 am