IBM Support

Security considerations & recommendations for running SURunAs

Technote (troubleshooting)


Problem

The SURunAs (Smart Upgrade Run As Admin) utility is designed for users who need to install or upgrade Notes but do not have local workstation administrator privileges. Are there any security considerations for running this utility?

Resolving the problem


Before deploying the SURunAs utility you should take into consideration and plan for the following requirements:

(1) SURunAs requires a username and password so that Smart Upgrade can run as an account with administrative privileges to users' workstations.

(2) SURunAs uses a Windows API call that requires the account password to be passed in clear text.

Due to these requirements, IBM Lotus recommends that administrators generate a generic name with password for an OS profile to be used across workstations by SURunAs, and then remove that profile once the installs and upgrades are complete.

Note: An enhancement request to modify the design of SURunAs to work around the clear text password requirement has been submitted to Quality Engineering as SPR #JSTN84CSC7.

---------------

SPR# JSTN84CSC7 is fixed in Notes 8.5.3. - Prior to this fix, SURunAs contained a security issue where passwords could be compromised because they were stored in plain text. In 8.5.3, SURunAs was completely rewritten and secured, including stored passwords with encryption.

Related information

Using the "Smart Upgrade Run As" feature to upgrade Not

Document information

More support for: IBM Notes
Install/Setup

Software version: 7.0, 8.0, 8.5

Operating system(s): Windows

Reference #: 1427073

Modified date: 29 April 2010