Business Desk Security Notes

  • Article

  • When you secure Business Desk, keep in mind the following known issues.

  • Review Windows accounts with Business Desk permissions before you pack a site.

    When unpacking a site using Commerce Server Site Packager, Windows accounts with Business Desk permissions are also unpacked.

    For example, you have Commerce Server installed on one computer and you add local groups and accounts. If you package the site and then unpack it on a different computer, the accounts will also be unpacked. When you open Business Desk, the permissions will still be available.

  • If the DEBUG_MODE flag in the BizDataServices.asp file is enabled, then A Business Desk user must have access to the log file in the Profiles folder before saving changes to a profile definition. This flag is turned off by default.

  • By default, the ACL for the BizDataManager.dll file is set to the option Everyone. This does not affect the security of Commerce Server Manager. Only users in the Administrators group can run Commerce Server Manager.

  • When you use Business Desk in Microsoft Visual Studio .NET, and you want to import an XML catalog file that is on your local computer, you must do one of the following:

    • Move the local file to the server, and then import the XML file on the server.
    • Run Business Desk outside of Visual Studio .NET, and import the XML catalog file.
    • Change your security settings in Internet Explorer to enable or prompt for running unsafe components, and then import the XML catalog file from the local computer. This option is not recommended because it compromises the security of your computer.

  • The BizDeskSecurity object provides unsecured methods to read from and write to a Commerce Server database. This is also true of other objects, such as catalogs. Access to the servers, including the ability to upload scripts, must be controlled independently by system administrators.

  • The BizDeskSecurity object does not differentiate between built-in local groups on two or more different computers. This does not apply to user-created local groups.

    • For example, Commerce Server is installed on two computers:
    • Computer A has a Complete installation, and a Solution Site is unpacked on it.
    • Computer B has a Web server installation, and the Business Desk application is unpacked on it.

    You add a domain\account1 to local guests group on both computers.

    On Computer A, you use the Business Desk Permissions module to add local guests group to the Windows account list, and give that group access to the Profiles modules.

    On Computer B you log on as domain\account1, open Business Desk, and you will have access to the Profiles modules.

Copyright © 2005 Microsoft Corporation.
All rights reserved.