Securing Ektron CMS400.NET

Security Checklist

Complete this a checklist to secure Ektron CMS400.NET.

For the latest updates to Ektron’s security guidelines, see http://dev.ektron.com/kb_article.aspx?id=30982.

Change the Admin and Builtin User Passwords

Make sure you change the password for the Admin and Builtin user.

Change Admin user password

Change the Admin user password in the Workarea by following these steps.

1. In the Workarea, navigate to Settings > Users

2. Click the Admin user.

3. Click the Edit Users button.

4. In the Password and Confirm Password fields, enter the new password.

5. Click the Save button.

Change builtin user password

Warning! If you changed the builtin user password during the site setup, you do not need to change it again. See BuiltIn User for additional information. Also, the “builtin” user does not appear in the Users list. This user appears on the application setup screen.

Change the builtin user password in the Workarea by following these steps.

1. In the Workarea, navigate to Settings > Configurations > Setup.

2. Click the Edit button.

3. Find the Built In User field.

4. In the Password and Confirm Password fields, enter the new password.

5. Click the Update button.

Note: If you cannot sign in to Ektron CMS400.NET because the builtin user password was changed and you do not know the new password, use the BuiltinAccountReset.exe utility. This resets your Ektron CMS400.NET user / password to Builtin / Builtin. This utility is located in C:\Program Files\Ektron\CMS400versionnumber\Utilities.

Remove Sample Users and Sample Membership Users

Ektron CMS400.NET includes some sample users and sample membership users for evaluation and demonstration purposes. Remove these users when they are no longer needed.

CMS users have access to the Workarea and can be content authors, administrators or developers. These people count towards the number of users in your license.
Membership users are typically people who only interact with your Web site but have limited privileges to Ektron CMS400.NET. They cannot use the Workarea and do not count towards the number of users in your license.

Remove Sample Users and Sample Membership Users

Warning! Some users in this list might not appear in your User list. Also, you might have sample users that appear in your users lists. This depends on the version of the software you have installed.

Ektron CMS400.NET Users	Membership Users
jedit tbrown jsmith vs See Also: Managing Users and User Groups	jmember [email protected] north supermember west See Also: Membership Users and Groups

Ektron CMS400.NET Users

Membership Users

jedit

tbrown

jsmith

jmember

[email protected]

north

supermember

west

Removing CMS400.NET Users

To remove Ektron CMS400.NET users in the Workarea, follow these steps.

1. In the Workarea, navigate to Settings > Users.

2. Check the box next to each user that you want to remove.

3. Click Delete ().

4. Click OK.

Removing Membership Users

To remove Membership users in the Workarea, follow these steps.

1. In the Workarea, navigate to Settings > Community Management > Memberships > Users.

2. Check the box next to each user that you want to remove.

3. Click Delete ().

4. Click OK.

Disallowing Group User Accounts

Do Not Allow the Use of Group User Accounts

A group account is an account that more than one person uses to log in to Ektron CMS400.NET using the same username and password. This is a serious security issue because it prevents you from tracking user activities in your Workarea. Group accounts violate Ektron CMS400.NET's license agreement.

(continued in Making Additional Changes When you Decide to Buy)