MICROS 3700: Windows Integrated Logon 2

[Kniteschaed]

Hesitant to enable this feature.
But we would really like to reap the benefits of LDAP or something similar if MICROS supports it.
Last thing I want to do is enable the feature and lock us all out (or something crazy like that).

Our MICORS 3700 system is already domain joined.
We use domain credentials to log into the server.

That all being said I have a few questions:
1. I would like to use the domain credentials to log us straight into POS Configurator (or other applications my users have access to)

Does Windows Integrated Logon accomplish this?​

2. If/when I check the Windows Integrated Logon checkbox will it still allow login to MICROS applications using the User ID/User Password?

Will it only allow login if the Windows Domain Name and/or Windows User Name fields are filled out (ignoring the User ID that was created)?​

Basically, will it immediately lock out everyone is what I'm worried about...?​

3. Windows Domain Name

Because I cannot enter "@" or "." - I presume this would be our domain username without domain (ex. @domain.local)?​

4. Windows User Name

I presume this would be a local user account?​

Because we use domain accounts I presume this would remain blank for users?​

5. Any other tips or helpful information regarding enabling and implementing this feature?

Anything to watch out for?​

Thank you all in advance!

 

[BootstrapperRI]

Create a local admin user with full MICROS privileges (or 3) as a backup/emergency that is not used for any other purpose.

If you do get locked out of MICROS, but not the server. There is a back door.

David Jenulis

http://www.ncbpinc.com

 

[pmegan]

I've been using integrated logon with our Micros 3700 systems, (23 of them right now), for years.

[ol 1]
[li]Yes, using integrated logons will let you access all of the back office applications without prompting for a username/password.[/li]
[li]When you enable windows authentication, you can no longer use an ID/password to log on. If the user logged onto windows hasn't been set up correctly in Micros, you'll get an error saying so.[/li]
[li]The Windows Domain Name and Windows User Name fields in the configurator are for each user's Windows logon. So if my full user account is mydomain\myusername, then mydomain goes in the Windows Domain Name box, and myusername goes in the Windows User Name box.[/li]
[li]See #3[/li]
[li]You can enter all of the domain & username info ahead of time. It will just sit there and do nothing until you check the Use Windows Integrated Logon option in the Restaurant / Security tab. Also, don't worry about getting locked out. You can switch back to standard or classic security using SQL if things get messed up. This is a good reason to leave the exiting Micros credentials in place. They'll be ignored once you enable integrated logons, but if you have to roll back to standard security for some reason, they'll still be available.[/li]
[/ol]

[COLOR=#4E9A06]/* use this to enable standard Micros security */[/color]
update 
[indent]micros.rest_def[/indent]
set 
[indent]ob_classic_security = 'F',[/indent]
[indent]ob_enable_integrated_logon = 'F',[/indent]
[indent]req_alphanum_pwd = 'T',[/indent]
[indent]max_failed_logins = 6,[/indent]
[indent]pwd_repeat_int = 4,[/indent]
[indent]min_pwd_len = 7,[/indent]
[indent]days_until_exp = 90,[/indent]
[indent]max_idle_time = 15;[/indent]
commit;



[COLOR=#4E9A06]/* use this to enable integrated logons */[/color]
update 
[indent]micros.rest_def[/indent]
set 
[indent]ob_classic_security = 'F',[/indent]
[indent]ob_enable_integrated_logon = 'T';[/indent]
commit;

You can also enable classic security, (pre-res4.1 that using just the pc application id to log in), but doing that will disable POS Operations system wide until you re-enable at least standard security.

 

[Kniteschaed]

pmegan,

Thank you so much for your detailed response.
I feel much better about implementing this feature!

Will let you know how things go after I get everything setup.

 

[pmegan]

My pleasure. It's been working great for me, and our restaurant managers love having one less rotating password to worry about.

 

[Kniteschaed]

That's exactly how this all came about.
That one additional password has caused all manner of trouble and confusion.

 

[Kniteschaed]

You can enter all of the domain & username info ahead of time. It will just sit there and do nothing until you check the Use Windows Integrated Logon option in the Restaurant / Security tab.

Spent a day, end of last week, getting things pre-configured.
Setting my active users "Windows Domain Name" and "Windows User Name".
As stated - it didn't effect things at all to have it entered.

Decided I wanted to wait until today (early in the week) to implement the feature in case of unforeseen trouble.

Checked the box today and it was instantaneous...and wonderful!
Everything worked. Doesn't prompt for login when accessing POS Configurator, Autosequences, etc.
Tested with a handful of accounts - no problems.

I think this is going to make many folks very happy!
Thank you again pmegan!

 

[pmegan]

Excellent! Glad I could help.