Securing Ektron

Security Checklist

Complete this checklist to secure Ektron.

For the latest updates to Ektron’s security guidelines, see http://dev.ektron.com/kb_article.aspx?id=30982.

Change the Admin and Builtin User Passwords

Make sure you change the passwords for the Admin and Builtin users.

Change the Admin user password in the Workarea

Change Admin user password

  1. In the Workarea, choose Settings > Users.
  2. Click the Admin user.
  3. Click Edit Users.
  4. Enter the new password in the Password and Confirm Password fields.
  5. Click Save.

Change the builtin user password in the Workarea

Change builtin user password

WARNING! If you changed the builtin user password during the site setup, you do not need to change it again. See Editing the Builtin Username and Password for additional information. Also, the “builtin” user does not appear in the Users list. This user appears on the application setup screen.

  1. In the Workarea, choose Settings > Configurations > Setup.
  2. Click Edit.
  3. Find the Built In User field.
  4. Enter the new password in the Password and Confirm Password fields.
  5. Click Update.

    NOTE: If you cannot sign in to Ektron because the builtin user password was changed and you do not know the new password, use the BuiltinAccountReset.exe utility. This resets your Ektron user / password to Builtin / Builtin. This utility is located in C:\Program Files\Ektron\CMS400versionnumber\Utilities.


Remove Sample Users and Sample Membership Users

Ektron includes some sample users and sample membership users for evaluation and demonstration purposes. Remove these users when they are no longer needed.

  • CMS users have access to the Workarea and can be content authors, administrators or developers. These people count towards the number of users in your license.
  • Membership users are typically people who only interact with your Web site but have limited privileges to Ektron. They cannot use the Workarea and do not count towards the number of users in your license.

WARNING! Some users in the following lists might not appear in your User list. Also, you might have sample users that appear in your users lists. This depends on the version of the software you have installed.

Ektron Users—See Also: Managing Users and User Groups

  • jedit
  • tbrown
  • jsmith
  • vs

Membership Users—See Also: Membership Users and Groups

Removing Ektron Users

  1. In the Workarea, choose Settings > Users.
  2. Check the box next to each user that you want to remove.
  3. Click Delete.
  4. Click OK.

Removing Membership Users

  1. In the Workarea, choose Settings > Community Management > Memberships > Users.
  2. Check the box next to each user that you want to remove.
  3. Click Delete.
  4. Click OK.

Disallow Group User Accounts

Do Not Allow the Use of Group User Accounts

A group account is an account that more than one person uses to log in to Ektron using the same username and password. This is a serious security issue because it prevents you from tracking user activities in your Workarea. Group accounts violate Ektron's license agreement.


Making Additional Changes When You Decide to Buy

Complete the following changes when you decide to purchase the product and go live with your site. You do not need to make these changes if you are using Ektron for demonstration or evaluation purposes.

WARNING! You should create your own Administrator user and delete the Admin user. Also, delete unnecessary users from Ektron.

Changing the Everyone Group Permissions

By default, the root folder in Workarea provides the Everyone Group with all permissions except Overwrite Library. You should review the permission needs of the Everyone Group when you add a folder. See Also: Managing Folder Permissions

Renaming or Removing ServerControlWS.asmx

Best Practice 

For improved security, you should rename or remove the Web services file when you move it to your production server. After installation, this file is named ServerControlWS.asmx and resides in the webroot/siteroot/Workarea folder.

ServerControlWS.asmx is the Web service that enables the server controls to interact with Ektron. The path is coded in the siteroot/web.config file. This is how it appears:

<!-- Web Service URL for Server Controls design time  --> 
<add key="WSPath" value="http://localhost/CMS400Developer/Workarea/ServerControlWS.asmx" />
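
To confirm on a production server that the file was renamed or removed, and to see what the WSPath key currently references, you can audit the site root. The following PowerShell is an added example, not part of the Ektron documentation or product; the function name, the report fields and the temp-folder sample site are assumptions made for illustration.

```powershell
# Added example, not Ektron code. Function name, report fields and sample site are assumptions.
function Test-EktronServerControlWS {
    param([Parameter(Mandatory)] [string] $SiteRoot)

    $defaultName = 'ServerControlWS.asmx'          # file name after installation (from the page)
    $workarea    = Join-Path $SiteRoot 'Workarea'
    $webConfig   = Join-Path $SiteRoot 'web.config'

    # Is the web service still on disk under its default name?
    $defaultPresent = Test-Path -LiteralPath (Join-Path $workarea $defaultName) -PathType Leaf

    # Read the WSPath appSettings key; local-name() tolerates a namespaced <configuration>.
    $wsPath = $null
    if (Test-Path -LiteralPath $webConfig -PathType Leaf) {
        [xml] $xml = Get-Content -LiteralPath $webConfig -Raw
        $node = $xml.SelectSingleNode("//*[local-name()='appSettings']/*[local-name()='add'][@key='WSPath']")
        if ($node) { $wsPath = $node.GetAttribute('value') }
    }

    # Compare the file name at the end of the WSPath URL with what is in Workarea.
    $wsFile = if ($wsPath) { ($wsPath -split '/')[-1] } else { $null }
    $wsFileExists = if ($wsFile) {
        Test-Path -LiteralPath (Join-Path $workarea $wsFile) -PathType Leaf
    } else { $false }

    [pscustomobject]@{
        DefaultFilePresent = $defaultPresent              # true: rename or remove still pending
        WSPath             = $wsPath
        WSPathNamesDefault = ($wsFile -eq $defaultName)   # config still references the default name
        WSPathFileExists   = $wsFileExists                # false: config names a file not in Workarea
    }
}

# Constructed sample site in a temp folder: service file renamed, web.config left at the default.
$site = Join-Path ([IO.Path]::GetTempPath()) 'ektron-audit-sample'
$wa   = Join-Path $site 'Workarea'
New-Item -ItemType Directory -Path $wa -Force | Out-Null
Set-Content -LiteralPath (Join-Path $wa 'RenamedService.asmx') -Value ''
Set-Content -LiteralPath (Join-Path $site 'web.config') -Value @'
<configuration>
  <appSettings>
    <!-- Web Service URL for Server Controls design time -->
    <add key="WSPath" value="http://localhost/CMS400Developer/Workarea/ServerControlWS.asmx" />
  </appSettings>
</configuration>
'@

Test-EktronServerControlWS -SiteRoot $site | Format-List
```

For the constructed sample, DefaultFilePresent is False, while WSPathNamesDefault is True and WSPathFileExists is False, showing a renamed file whose web.config entry still carries the default name.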