Cover Your ODBC
We visit many customer sites and find that the ODBC connection to their HEAT system is not as secure as it could be. Sometimes there are legitimate reasons, for example being in a hybrid environment like MS SQL and Novell, or using modules like HSS, which require SQL authentication. However, if your group is in a pure Microsoft environment, meaning your HEAT database uses MS SQL and everyone logs into the network via Microsoft Active Directory, and you still use SQL authentication, then this tip is for you.
First, create an Active Directory group called ‘HEAT Users’ and another called ‘HEAT Admins’. Place Active Directory users inside their respective groups. Next, go into SQL Studio Manager and create a SQL user that points to the ‘HEAT Users’ group and another that points to the ‘HEAT Admins’ group. Give ‘HEAT Users’ public, db reader, and db writer rights, and ‘HEAT Admins’ database owner rights. Finally, update all of your HEAT users’ ODBC connections to use NT Authentication instead of SQL authentication. Be sure to place whoever commits edit sets into the ‘HEAT Admins’ group.
Following these steps will not only increase security, but will also solve the problem of always having to enter a SQL password when logging into a HEAT module. Remember to add the service account of any HEAT service to at least the ‘HEAT Users’ group so that the service can continue to log into the database. Additionally, HEAT Web UI and HSS will continue to need SQL authentication. If you are using either of these modules, it may be a good idea to tighten that SQL user so that it only has normal public rights to the database.
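The SQL Server side of the steps above, written as a T-SQL script with two follow-up checks for the tightening advice in the last paragraph. This is an added example, not a script from the original tip or from the HEAT vendor; the domain CONTOSO and the database name HEAT are assumed placeholders to replace with your own.

```sql
-- Added example. CONTOSO (domain) and HEAT (database) are placeholder names.
-- Run as a sysadmin against the instance that hosts the HEAT database.
USE [master];
GO
-- Windows-authenticated logins mapped to the two Active Directory groups.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\HEAT Users')
    CREATE LOGIN [CONTOSO\HEAT Users] FROM WINDOWS;
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'CONTOSO\HEAT Admins')
    CREATE LOGIN [CONTOSO\HEAT Admins] FROM WINDOWS;
GO
USE [HEAT];
GO
-- Database users for those logins.
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\HEAT Users')
    CREATE USER [CONTOSO\HEAT Users] FOR LOGIN [CONTOSO\HEAT Users];
IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'CONTOSO\HEAT Admins')
    CREATE USER [CONTOSO\HEAT Admins] FOR LOGIN [CONTOSO\HEAT Admins];
GO
-- public is implicit for every user. Reader and writer go to HEAT Users,
-- database owner to HEAT Admins.
-- (Before SQL Server 2012, use sp_addrolemember instead of ALTER ROLE.)
ALTER ROLE db_datareader ADD MEMBER [CONTOSO\HEAT Users];
ALTER ROLE db_datawriter ADD MEMBER [CONTOSO\HEAT Users];
ALTER ROLE db_owner      ADD MEMBER [CONTOSO\HEAT Admins];
GO
-- Check 1: who holds which role in the HEAT database.
-- Rows with type_desc = 'SQL_USER' are SQL-authenticated users (for example
-- the one kept for HEAT Web UI or HSS) that still hold more than public.
SELECT m.name AS member_name, m.type_desc, r.name AS role_name
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
ORDER BY m.name, r.name;

-- Check 2: SQL-authenticated logins that remain on the instance after the
-- ODBC connections have been switched to NT Authentication.
SELECT name, is_disabled, is_policy_checked, is_expiration_checked
FROM sys.sql_logins
WHERE name NOT LIKE N'##%'   -- skip internal certificate-based logins
ORDER BY name;
```

Any login from Check 2 that no module still depends on is a candidate for disabling once every workstation has been moved to NT Authentication.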