Microsoft KB Archive/887701

= FIX: Host Integration Server 2004 Client does not save the user supplied password when “User Supplied Credentials” is enabled =

Article ID: 887701

Article Last Modified on 12/4/2007


== APPLIES TO ==


 * Microsoft Host Integration Server 2004 Standard Edition

== SUMMARY ==
Microsoft Host Integration Server 2004 Client does not save the user supplied password when User Supplied Credentials is enabled. If User Supplied Credentials is enabled when Host Integration Server 2004 Client is configured, the Microsoft Host Integration Server Logon dialog box appears every time that the SnaBase application is initialized.

The logged on user must enter the following for validation by the Host Integration Server 2004 server:
 * A valid User name
 * A valid Password
 * A valid Domain

The SnaBase application writes the user supplied User name and the user supplied Domain to the registry in clear text after the User name and the Domain are first populated. The user supplied Password is not written to the registry. The Microsoft Host Integration Server Logon dialog box appears every time that the SnaBase application is initialized. This permits the logged on user to enter the password.

Earlier versions of SNA Server Client and of Host Integration Server 2000 Client permitted the user supplied Password to be written to the registry in clear text. This feature is removed from Host Integration Server 2004 to enhance the security of the product.



== MORE INFORMATION ==
Host Integration Server 2004 Client has been updated so that the user supplied Password can be written to the registry in an encrypted format. The user supplied Password is written to the registry when This account is selected. You can find This account in the Advanced options dialog box of the Microsoft Host Integration Server 2004 Client Configuration Wizard.

User supplied credentials are only available when the Host Integration Server 2004 Client is configured with a deployment type of Everyone (run as application). The This account option will be disabled if Just me (run as application) or Windows Service is chosen as the deployment type in the Host Integration Server 2004 Client Configuration Wizard.

If This account is selected, the following boxes are enabled:
 * User name
 * Password
 * Domain

If the User name box and the Domain box are populated, and the Password box is blank, the User name value and the Domain value are written to the registry in clear text. The Password registry entry value is cleared. Therefore, the user is prompted with the Microsoft Host Integration Server Logon dialog box every time that the SnaBase application initializes.

If all three boxes are populated, the User name value and the Domain value are written to the registry in clear text. The Password value is written to the registry in an encrypted format.

The registry entries are written to the following location:

The registry entries and their types are as follows:
 * Password, REG_BINARY
 * UserName, REG_SZ
 * LogonDomain, REG_SZ

The password that is specified in the Host Integration Server 2004 Client Configuration Wizard is encrypted on a per-computer basis. If multiple users log on to the Host Integration Server 2004 Client servers, each user uses the configured user credentials to access their Host Integration Server 2004 servers.

This new feature does not let you use user specific credentials with an encrypted password on a single Host Integration Server 2004 Client server. If each user who logs on to the Host Integration Server 2004 Client servers requires a unique set of credentials to access the Host Integration Server 2004 servers, the Password box can be left blank. Each user can enter their unique credentials in the Microsoft Host Integration Server Logon dialog box. Alternatively, use the default setting of Logged on User. Logged on User lets Host Integration Server 2004 Client use the credentials of the currently logged on user to access the Host Integration Server 2004 servers.

The new encrypted password feature can be configured during an unattended installation and during a configuration of the updated Host Integration Server 2004 Client. To configure Host Integration Server 2004 Client to use specific user credentials during an unattended installation, follow these steps:
 * 1) Run the Setup.exe program to manually install Host Integration Server 2004 Client.
 * 2) Run the Microsoft Host Integration Server 2004 Configuration Wizard to manually configure Host Integration Server 2004 Client.
 * 3) In the Advanced options dialog box, click This account.
 * 4) Type the User name, the Password, and the Domain that you want to use to access the Host Integration Server 2004 servers.
 * 5) Locate the Summary page in the Host Integration Server 2004 Configuration Wizard. Click Save to save a copy of the client configuration in an XML file.

You can use the XML file as input for both the Host Integration Server 2004 Client Setup.exe program and for the Configframework.exe program. You can use the XML file as input for an unattended installation and for a configuration of additional Host Integration Server 2004 Clients.

The User name setting, the Password setting, the Domain setting, and the This account setting are listed in the XML file as follows:

johnsmith ***Hidden*** domain1 yes

The Password value that you specified in the manual configuration of the initial Host Integration Server 2004 Client is not saved in the XML file. You have to modify the XML file to include the Password value. You have to do this before you use the XML file for an unattended installation. After you modify the XML file to include the Password value, the Password value exists in clear text in the XML file. Therefore, you must store the XML file in a secure location. Alternatively, you can remove the password after the unattended installation finishes.
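The two safeguards described above (restricting access to the XML file and removing the password once the unattended installation finishes) can be scripted. The following PowerShell is an added example and is not part of the original article or of any Microsoft tool. It assumes the script is run elevated, that the path to the saved XML file is passed in, and, because the element names of the configuration file are not shown on this page, that the password is held in a leaf element or attribute whose name contains "password".

```powershell
# Added example, not Microsoft's code. The element names in the real client
# configuration XML are not shown on this page, so nodes are matched by a name
# pattern (assumption). Run elevated, after the unattended installation finishes.
param(
    [Parameter(Mandatory = $true)] [string] $ConfigPath,  # saved client configuration XML
    [string] $NamePattern = 'password',     # assumed: node name contains "password"
    [string] $Placeholder = '***Hidden***'  # value the wizard writes when it saves the file
)

function Protect-ConfigFile([string] $Path) {
    # Reset to inherited ACEs, then strip inheritance so that only two explicit
    # grants remain: LocalSystem (S-1-5-18) and BUILTIN\Administrators (S-1-5-32-544).
    icacls $Path /reset | Out-Null
    icacls $Path /inheritance:r /grant:r '*S-1-5-18:F' '*S-1-5-32-544:F' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path" }
}

function Clear-ConfigPassword([string] $Path, [string] $NamePattern, [string] $Placeholder) {
    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true   # keep the file layout unchanged apart from the value
    $xml.Load($Path)
    $scrubbed = 0
    # Candidate nodes: leaf elements and attributes anywhere in the document.
    $nodes = @($xml.SelectNodes('//*[not(*)] | //@*'))
    foreach ($node in $nodes) {
        if ($node.LocalName -notmatch $NamePattern) { continue }
        $value = $node.InnerText
        # Skip empty values and values the wizard has already masked.
        if ([string]::IsNullOrEmpty($value) -or $value -eq $Placeholder) { continue }
        $node.InnerText = $Placeholder
        $scrubbed++
    }
    if ($scrubbed -gt 0) { $xml.Save($Path) }
    return $scrubbed
}

$full = (Resolve-Path -LiteralPath $ConfigPath).ProviderPath
Protect-ConfigFile $full
$count = Clear-ConfigPassword $full $NamePattern $Placeholder
Write-Output "Scrubbed $count clear-text password value(s) in $full"
```

A result of 0 on a file that was edited to include the password means that the name pattern did not match the file's actual element names and has to be adjusted.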

For additional information about an unattended installation for Host Integration Server 2004, visit the following Microsoft Web site:

http://www.microsoft.com/downloads/details.aspx?FamilyId=82534D92-BD77-44C9-9AD6-26238B604658

If the credentials that you specified have to be changed after Host Integration Server 2004 Client is installed, you can use one of the following methods to change the credentials:
 * Run the Host Integration Server 2004 Configuration Wizard interactively to change the credentials.
 * Run the Host Integration Server 2004 Configuration Wizard by using the unattended command-line command. Specify a client configuration XML file that includes the updated credentials.

A supported feature that modifies the product's default behavior is now available from Microsoft, but it is only intended to modify the behavior that this article describes. Apply it only to systems that specifically require it. This feature may receive additional testing. Therefore, if the system is not severely affected by the lack of this feature, we recommend that you wait for the next Host Integration Server 2004 service pack that contains this feature.

To obtain this feature immediately, contact Microsoft Product Support Services. For a complete list of Microsoft Product Support Services telephone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/contactus/?ws=support

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

 Date         Time   Version     Size     File name
 24-Jan-2005  20:26  6.0.1827.0  304,640  Configframework.exe
 24-Jan-2005  20:25  6.0.1827.0  301,056  Configframeworkui.dll
 22-Jan-2005  00:18  6.0.1930.0  162,816  Hisconfig.dll
 22-Jan-2005  00:02  6.0.1930.0   24,064  Hisconfigui.dll
 22-Jan-2005  00:16  6.0.1930.0  214,016  Snabase.exe
 22-Jan-2005  00:16  6.0.1930.0   23,552  Snareg.dll

Note: Because of file dependencies, the most recent fix that contains the previous files may also contain additional files.

Additional query words: HIS2004

Keywords: kbhowto kbinfo kbbug kbfix kbqfe kbhotfixserver KB887701


© Microsoft Corporation. All rights reserved.