Sage 100

We continue to run into security issues while trying to upgrade a client to Sage 100 Premium.  it is  mainly because they (IT) are not comfortable with the recommended Sage settings and feel it opens up their accounting system to the whole internet.

 

With that said, hoping someone can help with the current issue:

 

When logging on to Sage from the user terminal server (not were Sage is installed), we are getting this error while running reports:

 

It is resolved by selecting "Run As Administrator" when launching Sage 100 …. But IT does not want to do this.  Any ideas?

 

------------------------------
Douglas Luchansky
ACI Consulting
------------------------------

Hmm. interesting. we run this scenario all the time, and we've never had that issue, and the terminal server end users are not local admins on the RDSH. 

I'm wondering if this is as an ODBC permission elevation issue. 
Can you check and make sure that the Sage users group have at least explicit READ access on the following keys: 

HKLM/SOFTWARE/ODBC
HKLM/SOFTWARE/Wow6432Node/ODBC

Also for good measure MODIFY permissions for the Sage users group on: 

(obviously) MAS90  and the Sage Client folder
and 
C:\programdata\Sage Software
C:\programdata\Sage
C:\Program Files (x86)\Common Files\Sage
C:\Program Files (x86)\Sage

On both the Sage app server, and the RDSH (where applicable) 

I'm also assuming that the SQL authentication in ODBC is in fact SQL and not Windows Auth.

Also: Is UAC turned on on the RDSH? (We turn that off, which actually could contribute to the error above if turned on)



------------------------------
George Khairallah
CTO | gotomyerp, LLC
george.k@gotomyerp.com | 877-888-5525
http://gotomyerp.com/
------------------------------

The area of required permissions - and doing battle with bigger IT departments - is a growing issue. Sage's guidance for required rights is good until you run into larger sites using virtualized desktops and they have questions.

IT doesn't understand why they can't call Sage to ask questions about their highly customized network security configuration and the exact changes they need to make to avoid similar type errors.

Actually, IT can call Sage but the support has been rather hit or miss and understandably Sage does not get into supporting special configurations of network security.

Unfortunately, most of the remaining larger Sage 100 sites have custom configuration.



------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------

This probably does go a bit in a tangent, but Wayne makes a good point, and it is actually true on the part of most software publishers. 

Being an "IT" person myself, may I defend "my kind" 😬 for a moment: 

In my experience, the reason why this has become this way is 2-fold: 
1- IT folks always want to cover themselves and practice good security habits within their infrastructures, so they lock things down, etc... as any good IT person should do 
2- Software publishers, have caught up on this (probably over time), IMHO, rightful trend, and the majority of them now, instead of creating specific guidance on what their software requires as far as permissions, they take the lazy way, (perhaps probably also rightly so given the complexities of individual IT infrastructures) and make their "requirement" (BS), that their software needs "Local Admin" rights, or FULL permissions for EVERYONE in  certain folders. So much so, that when you call support.... Sage or otherwise: in a lot of cases they actually state some ridiculous permission set as the "requirement". 

I have personally experienced some software where the actual installer adds the "EVERYONE:FULL" permissions on all their folders. 
This would drive any decent IT person nuts! (makes sense)

One particular company seems to actually do it right, and even though their whole "you need to be certified to contact us for support is a bit ridiculous", is Vineyard soft. I was impressed by their guidance and specific instructions on how to allow their product to run in a more locked down environment.  They're unfortunately, the exception. 

Just my 2c regarding that growing disparity in the battle between consultants/software publishers, and IT people.

------------------------------
George Khairallah
CTO | gotomyerp, LLC
george.k@gotomyerp.com | 877-888-5525
http://gotomyerp.com/
------------------------------

Original Message:
Sent: 06-06-2019 07:01
From: Wayne Schulz
Subject: Sage 100 Premium Security

The area of required permissions - and doing battle with bigger IT departments - is a growing issue. Sage's guidance for required rights is good until you run into larger sites using virtualized desktops and they have questions.

IT doesn't understand why they can't call Sage to ask questions about their highly customized network security configuration and the exact changes they need to make to avoid similar type errors.

Actually, IT can call Sage but the support has been rather hit or miss and understandably Sage does not get into supporting special configurations of network security.

Unfortunately, most of the remaining larger Sage 100 sites have custom configuration.



------------------------------
Wayne Schulz - Schulz Consulting - 860-516-8990
------------------------------