Novell ZENworks Endpoint Security Management 3.5 Manuale Utente

ZENworks® ESM 3.5

Administrator’s Manual

224

The SQL database passwords (if used) are stored as clear text in many of the ESM config files, 
and can present a security hole. To encrypt the passwords, the following is recommended: 

Update the connection strings with an Integrated Security value. 

This is an example of a connection string to an OleDb compliant data source, containing a User 
name and password:

<add key="NovellMSConnectionString" value="Provider=sqloledb;Data Source=ACME_MAIN;Initial 
Catalog=STMSDB;User Id=ST_STMSDB_USER;Password=abc123;" />

Replace the User Id and Password values with the value: Integrated Security=SSPI. 

Example:

<add key="NovellMSConnectionString" value="Provider=sqloledb;Data Source=ACME_MAIN;Initial 
Catalog=STMSDB;Integrated Security=SSPI;" />

The file locations for the relevant connection strings are:

•

\Program Files\Novell\ESM Management Console\PolicyEditor.exe.config

•

\Program Files\Novell\ESM Standalone Management Console\UnmanagedEditor.exe.config

•

\Program Files\Novell\ESM Standalone Management Console\UnmanagedEditorIn-
staller.exe.config

•

\Program Files\Novell\ESM Distribution Service\PolicyServer\web.config

•

\Program Files\Novell\ESM Distribution Service\PolicyServer\bin\AgentService.exe.config

•

\Program Files\Novell\ESM Management Service\AuthenticationLib\web.config

•

\Program Files\Novell\ESM Management Service\AuthenticationLiB\bin\AgentSer-
vice.exe.config

•

\Program Files\Novell\ESM Management Service\AuthenticationServer\web.config

•

\Program Files\Novell\ESM Management Service\AuthenticationServer\bin\ManagementServ-
erAgent.exe.config

•

\Program Files\Novell\ESM Management Service\AuthenticationServer\bin\ManagementServ-
erInstaller.exe.config

•

\Program Files\Novell\ESM Management Service\Reporting\web.config