The "Security" function is designed to protect the "PTConfig", "PTJobs" and "PTDocs" Prinect system folders against attacks by viruses or Trojans and prevent that files in these folders are unintentionally deleted or overwritten. This makes operation of Prinect Production more reliable. These folders are shared in the network environment of the Prinect server (and are known as "shares"), enabling Prinect Cockpits installed, for example, on other computers to access these system folders.
The protection function has the following impacts:
•If protection is enabled, users or applications in the Prinect network environment (neighborhood) that do not have special permissions will have readonly access to files and subfolders in the folders. See Write permissions in protected state.
•If protection is removed, files or subfolders in these folders can be created, modified, deleted or overwritten and files or folders can be copied or moved to these folders.
When "Security" is open in Administration, the left part of the window displays the security state of each of these folders ("Secure" or "Not secure").
Proceed as follows to check the security state of the folders:
1.On the left, mark the folder that you wish to check (1).
2.On the right, start the folder check by clicking "Check Write Permissions Now" (2).
3.The security state of the checked folder displays to the right of the folder list (3).
4.The permissions are listed in detail in the table (4).
5.The "Remove Redundant Write Permissions" button lets you restrict permissions to the extent that the marked folder is protected against unauthorized access (5).
6.When "Allow write access to shared Prinect folders for Windows user 'Everyone'" (6) is checked, access restrictions for all shared Prinect folders are removed. The security state changes to "Not secure".
The access permissions of the whole folder structure of the marked folder change after you click "Remove Redundant Write Permissions". This process takes a while (up to several hours). You must confirm the start of the check in a dialog. A wait animation displays during this time. During this period, you can continue working in another part of the Cockpit.
Write permissions in protected state
A local Windows user group, "Prinect Operators", with access permissions to the Prinect system is set up on Prinect Server during installation of Prinect Production. In the protected state, the members of the "Prinect Operators" group of users still have write permissions in folders "PTConfig", "PTJobs" and "PTDocs" whereas other users do not have such rights. For example, this is valid also for a Prinect user who was set up during installation of the Prinect software and whose permissions are used by the Prinect services. As a result, hotfolders, for example, continue to work within these folders after a system upgrade.
Note: Users who are set up exclusively as Prinect users with administrator rights in Cockpit no longer have write access to the Prinect system folders after the protection function has been enabled. To correct this, the users must also be set up as Windows or domain users and belong to the "Prinect Operators" group.
An example of how to set up a new Prinect user with login to the "Prinect Operators" user group can be found here: Setting up a new Prinect user.
Access permissions to Prinect shares
In certain constellations (domain/workgroup), Windows/Macintosh users may not have permissions to access important Prinect shares (e.g. PTJobs) if the protection is enabled. In these cases, an error message relating to this displays during the login to the Prinect Cockpit.
To avoid this, take note of the following items:
•Manage and authenticate the Prinect users preferably in a Windows domain.
•Enable Prinect Security by disabling the option "Allow write access to shared Prinect folders for Windows group "Everyone"" (if the option was enabled) and have the Prinect folders checked.
•Apart from that, make sure that all Windows and Macintosh users are members of the "Prinect Operators" Windows user group that is automatically created as of Prinect 2019 and that they authenticate themselves there.
•The local server user "prinect" is by default a member of the "Prinect Operators" user group.
•Other users are added automatically to this group if the following conditions are met:
•The user account is a valid domain or workgroup account.
•A Prinect account with this user name was set up that is authenticated in the domain or workgroup and has not only read permissions within Prinect.
Behavior for folders installed in addition to default
If protection is not active and you click "Remove Redundant Write Permissions", a check is run to see whether there are other subfolders in these shares in addition to the standard setup. A warning displays because it can be that general permissions are still needed for these subfolders:
•Protection is enabled also for these subfolders when you confirm the dialog with "Yes".
•Protection for the selected folder is not enabled if you click "No". If necessary, you can then move the additional folders that still need write permissions to a different place in the file system or in the network environment of the Prinect server and after that enable protection there.
Caution: Please note that no subfolders of "PTConfig" that are essential for Prinect Production to function properly may be removed from this folder!
Privacy Policy | Imprint | Prinect Know How | Prinect Release Notes