Cisco Cisco Unified Customer Voice Portal 11.0(1) Installation Guide
2-24
Cisco Customer Voice Portal (CVP) Release 3.1(0) Installation Guide
Chapter 2 Installing Customer Voice Portal Software
Activating the Security Feature
Step 7
Click Edit in the Anonymous access and authentication control section.
Step 8
Uncheck Basic Authentication and check Integrated Windows Authentication. Click OK and click
OK again on the AppAdmin Properties screen.
OK again on the AppAdmin Properties screen.
Step 9
Open a DOS command window and type ISNSecurity. This runs a batch script that creates the three
Windows user groups (isnadmin, isnconfig and isnuser) and adjusts all folder and registry permissions
accordingly.
Windows user groups (isnadmin, isnconfig and isnuser) and adjusts all folder and registry permissions
accordingly.
Step 10
There is a manual step during the script. Follow the instructions provided and press Enter to complete
execution of the script.
execution of the script.
Note
The script may be re-run multiple times in the event a mistake is made or an error occurs.
Step 11
To add users to a group, from the Window Start menu, select Start > Settings > Control Panel >
Administrative Tools > Computer Management > Local Users and Groups
Administrative Tools > Computer Management > Local Users and Groups
Step 12
Turn off remote procmon access to the CVP machine. From VBAdmin, 'SetSecurityMask 0' and then
restart the CVP VB. This prevents unauthorized remote access to procmon.
restart the CVP VB. This prevents unauthorized remote access to procmon.
Note
Once you perform this step, all CVP maintenance must be performed on the CVP box itself via
PCAnywhere, Terminal services, etc.
PCAnywhere, Terminal services, etc.
Step 13
Display view-only ISN process windows (optional step). During install, if the selection was made to hide
the CVP process windows you may want to display “view-only” CVP process windows to the user (i.e.
if these windows are terminated, they do not terminate the actual CVP processes). To bring up view-only
process windows, select: Start > Programs > Cisco Internet Service Node > CVP Monitor
the CVP process windows you may want to display “view-only” CVP process windows to the user (i.e.
if these windows are terminated, they do not terminate the actual CVP processes). To bring up view-only
process windows, select: Start > Programs > Cisco Internet Service Node > CVP Monitor
Current Limitations of the CVP Security Feature
The following limitations pertain to the CVP Security Feature:
•
The System Administrator must perform installs (including Service Releases and Engineering
Specials).
Specials).
•
The CVP process windows must be hidden from view because an existing Microsoft defect currently
allows non-privileged users to close them. Although it was supposedly fixed in Windows 2000
Server SP4, testing has shown that the defect still occasionally appears. (see Windows Knowledge
base article 816131) http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3B81613.
allows non-privileged users to close them. Although it was supposedly fixed in Windows 2000
Server SP4, testing has shown that the defect still occasionally appears. (see Windows Knowledge
base article 816131) http://support.microsoft.com/default.aspx?scid=kb%3BEN-US%3B81613.
You can monitor system status by:
–
looking at system status in ICM service control
–
running CVP Monitor to activate view-only CVP process windows
–
examining CVP logs
•
Remote procmon administration for the ISN Voice Browser is disabled because procmon cannot
easily perform login/password procmon security checks. CVP voice browser administration must be
performed on the machine itself.
easily perform login/password procmon security checks. CVP voice browser administration must be
performed on the machine itself.
•
Logging on to any CVP server (i.e., application server, voice browser) with a remote connection or
to Windows Terminal Services as a read-only user (isnuser) is not supported. Note that any session
associated with that type of log on attempt must be reset using the Terminal Services Manager.
to Windows Terminal Services as a read-only user (isnuser) is not supported. Note that any session
associated with that type of log on attempt must be reset using the Terminal Services Manager.