3.7 Windows-specific security recommendations

This section contains security recommendations that are specific to Windows when used to run LiveCycle.

3.7.1 JBoss Service accounts

By default, the LiveCycle turnkey installation sets up the service to run under the Local System account. The built-in Local System user account has a high level of access; it is part of the Administrators group. If a worker process identity runs as the Local System user account, that worker process has full access to the entire system.

3.7.1.1 Run the application server using a non-administrative account

  1. In the Microsoft Management Console (MMC), create a local user for the LiveCycle server service to log in as:

    • Select User cannot change password.

    • On the Member Of tab, ensure that the Users group is listed.

  2. Select Settings > Administrative Tools > Services.

  3. Double-click the application server service and stop the service.

  4. On the Log On tab, select This Account, browse for the user account you created, and enter the password for the account.

  5. In the Local Security Settings window, under User Rights Assignment, give the following rights to the user account that the LiveCycle server is running under:

    • Deny log on through Terminal Services

    • Deny log on locally

    • Log on as Service (should already be set)

  6. Give the new user account Read & Execute, List Folder Contents, and Read permissions to LiveCycle web content directories.

  7. Start the application server service.

3.7.2 File system security

LiveCycle uses the file system in the following ways:

  • Stores temporary files that are used while processing document input and output

  • Stores files in the global archive store that are used to support the solution components that are installed

  • Stores files dropped into watched folders, which are used as input to a service from a file system folder location

When using watched folders as a way to send and receive documents with a LiveCycle server service, take extra precautions with file system security. When a user drops content in the watched folder, that content is exposed through the watched folder. In this case, the service does not authenticate the actual end user. Instead, it relies on ACL and share-level security set at the folder level to determine who can effectively invoke the service.
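
The following PowerShell audit is an added example, not part of the original LiveCycle documentation. It checks the two points made in 3.7.1 and 3.7.2: that the application server service no longer runs as Local System or as a member of Administrators, and that no broad group holds write access on a watched folder. The service name and folder path are hypothetical placeholders; substitute your own.

```powershell
# Added example (not Adobe's code). Both default values are hypothetical placeholders.
param(
    [string]$ServiceName   = 'ExampleAppServerService',   # assumption: your application server service name
    [string]$WatchedFolder = 'D:\Example\WatchedFolder'   # assumption: a watched folder path
)

function Test-ServiceAccount {
    param([string]$Name)
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$Name'"
    if (-not $svc) { throw "Service '$Name' not found." }
    $account = $svc.StartName
    $isLocalSystem = $account -in @('LocalSystem', 'NT AUTHORITY\SYSTEM')
    # StartName is '.\user' or 'DOMAIN\user'; compare on the bare user name.
    # Only direct members of the local Administrators group (S-1-5-32-544) are
    # checked, so a same-named account from another domain can false-positive.
    $user = ($account -split '\\')[-1]
    $admins = Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue
    $isAdmin = [bool]($admins | Where-Object { ($_.Name -split '\\')[-1] -eq $user })
    [pscustomobject]@{
        Service          = $Name
        RunsAs           = $account
        IsLocalSystem    = $isLocalSystem
        InAdministrators = $isAdmin
        Compliant        = -not ($isLocalSystem -or $isAdmin)
    }
}

function Get-BroadWriteAccess {
    param([string]$Path)
    # Everyone, Authenticated Users, BUILTIN\Users
    $broadSids = @('S-1-1-0', 'S-1-5-11', 'S-1-5-32-545')
    # WriteData (0x2), AppendData (0x4), GENERIC_WRITE, GENERIC_ALL
    $writeBits = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Include explicit and inherited rules, resolved to SIDs so the check
    # does not depend on the display language of the group names.
    (Get-Acl -LiteralPath $Path).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.IdentityReference.Value -in $broadSids -and
            (([int]$_.FileSystemRights -band $writeBits) -ne 0)
        }
}

Test-ServiceAccount -Name $ServiceName
# Any row printed here means a broad group can drop files and so invoke the service.
Get-BroadWriteAccess -Path $WatchedFolder |
    Format-Table IdentityReference, FileSystemRights, IsInherited
```

The script inspects NTFS ACLs only; share-level permissions on the watched folder need a separate review.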
