Changing TeamSite Password

...and I've very scared.

I've searched around and haven't really found anything on the subject. We're wanting to change our TeamSite password. Our implementation is several years old now, and a lot of folks have come and gone. We decided that it might be a good idea to at least explore the possibility. Platform is Wintel, TeamSite 6.x, OD 6.1. We're pretty certain that there are some custom apps that might be running at TS, and there are probably going to be some scripts that have the TS account and password hard coded.

I'm just looking for any tips, tricks, things to watch out for, etc. when changing the TeamSite account password. Also, any best practices around TS security and storing passwords. I'm thinking that we should probably have the password information in encrypted XML and just access it from scripts. That would do a better job of securing the password and would make it so that we only have to change it in one place when we do need to change it. Make sense?

Find more posts tagged with

Comments

13adam13

I've searched around and haven't really found anything on the subject. We're wanting to change our TeamSite password.

Probably because there is isn't usually a "teamsite" password. Are you operating in an environment where the teamsite services are not running as a service account, but rather using this user account?

I'm just looking for any tips, tricks, things to watch out for, etc. when changing the TeamSite account password.

Remember that there might also be scheduled tasks running with this account.

... and would make it so that we only have to change it in one place when we do need to change it.

This is something that I would recommend that you do with as much information as possible. It certainly makes adminsitration much easier.

I'm thinking that we should probably have the password information in encrypted XML and just access it from scripts.

I am not sure that this makes sense, though. If the script can read it, then the makers of the script can read it. Who would you be hiding the password from?

Corey_Null

I'll admit that I don't know how the encrypted XML works. Someone just told me that is what we should be doing when I said that we had the account and password hard-coded in the scripts.

The teamsite services are running as local system accounts. I'll look for scheduled tasks. Thanks!

13adam13

The teamsite services are running as local system accounts.

What is the TeamSite account, then?
If it is a general administrative account on the server used to run custom scripts and the like, I would not expect any of the scripts to need a password to work. I would think that the only time you would need to provide the password would be for external scripts using that account to access the server.

Corey_Null

What is the TeamSite account, then?

Good question. I guess that I assumed that it was created during the installation as sort of a "****" account within the TeamSite product (Funny how quickly we forget certain things from TeamSite Admin training when we don't do it every day).
I know that it is used in scripts to do administrative activities (scheduled tasks for iwfsck, iwfsshrink, etc) within TeamSite. I also know that our Server Team folks rename the Administrator account in Windows (and we don't have the password), so when we install, I believe we use the Teamsite domain account, which is in the Local Administrators group on each of the TeamSite servers.

13adam13

Good question. I guess that I assumed that it was created during the installation as sort of a "****" account within the TeamSite product.

I can tell you with absolute certainty that the installation of TeamSite (or any other IW products that I have worked with) does not create an account. However, it could have been the account created by your administrative team to use in place of the admin account when installing and running TeamSite.
As such, the password of the account is only important when someone needs to log into the server, or if TeamSite is running as that account. On WinIntel, you would need to update the password from the services MMC console to keep the services running with this account after the password is changed.

nipper

I can tell you with absolute certainty that the installation of TeamSite (or any other IW products that I have worked with) does not create an account.

Not quite, TS will create the TS_IMP_mahcinename local account for preview.

That being said, there typically is an account I like to create called tsadmin for any admin related stuff, but that is a normal user subject to the corporate policies on passwords.

Adam Stoller

I can tell you with absolute certainty that the installation of TeamSite (or any other IW products that I have worked with) does not create an account.

As Nipper mentioned there's TSIMP_hostname (only one underscore Andy) on Windows, and then there was iwui which I believe got changed to iwts and there's also the iwglobal group -- there will probably soon be an iwglobal (or similar) userid too -- These exists for Unix, not sure about Windows.

Other than that, you were right ;-)