With IT groups becoming more security-conscious, I have been asked repeatedly if it is possible to have lower-level IT personnel install Dynamics GP workstations without causing security risks by giving out the SQL sa password.
The answer is Yes – you can create a user in Dynamics GP solely for Dynamics GP installs.
- First, I created a user in Dynamics GP named GPADMIN and set the password for the user. I purposely did not grant any company access or security.
- Then I edited the dex.ini SYNCHRONIZE= to TRUE to force dictionary synchronization with the DYNAMICS account framework (this would emulate the activity of running Utilities following a client install).
- Then I ran Dynamics Utilities ‘as administrator’ and logged in as GPADMIN, and it did successfully synchronize the dictionaries.
- Next I ran Dynamics and was able to log in successfully as far as the company selection screen. Since I granted no company access, there were none on the drop-down.
It appears that you could use this to allow installers to run a template install and still keep the sa and DYNSA accounts secure.
Additional notes:
- This works in Microsoft Dynamics GP 2018R2, we have not tested it in other versions at this point.
- This will only work for workstation installs or service pack updates. For adding companies in GP Utilities, you will need to use either sa or DYNSA. Make certain DYNSA is dbo for DYNAMICS and all companies listed in the SY01500 table. To take it one step further, the initial installation and database creation must be done using the sa account, since the installer needs to create DYNSA and set the login as dbo for Dynamics-related databases.
- DYNSA has security to log into GP, log into companies, and perform most maintenance tasks. GPADMIN (or whatever name you choose) will be able to install or update clients. Neither will be able to log into SSMS (SQL Server Management Studio) since their passwords are encrypted in the DYNAMICS database.
So next time you want to let someone install Dynamics GP workstations without giving out the sa password, follow these steps!
For more helpful Microsoft Dynamics GP tips and tricks visit www.calszone.com/tips
If you are looking for Microsoft Dynamics GP support and training contact CAL Business Solutions at 860-485-0910 x4 or sales@calszone.com
By Charles Ray, Senior Systems Specialist, CAL Business Solutions, www.calszone.com