Managing no-password proxies for Domain Accounts

When running a Connect:Direct service under a Windows domain account, proxies that map to a domain account no longer require a password to perform programmatic user impersonation.

Sterling Connect:Direct Service Logon Account

Sterling Connect:Direct for Microsoft Windows running under a service logon account requires the following additional privileges to use proxies without a password when the custom logon account is a domain account. For more information, see Customize a Connect:Direct Logon Account.

• Trust this computer for delegation to specified services only - Turn on this privilege to allow the Connect:Direct Logon Domain Account to upload or download files from a shared network drive present in the same domain. This privilege should be configured on the machine hosting the shared network drive.

• Act as part of the operating system—Turn on this privilege to allow the Connect:Direct Logon Account to impersonate another user.

Note: These privileges are stored locally, even when the computer is a member of a domain. Therefore, the privileges cannot be set on the domain controller and granted to all computers on the domain.
  • Only an IBM® Connect:Direct® for Microsoft Windows admin who is a member of the local system’s Administrators group can create or update a no-password proxy.
  • The Local User is the user who will be impersonated and hence must be a Domain User.
  • To create a no-password proxy, simply omit the password of the Local User when configuring a proxy user.
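
Because "Act as part of the operating system" (the `SeTcbPrivilege` user right) is stored in each machine's local policy, it has to be checked per server. The script below is an added example, not part of the IBM documentation: it exports the local user rights with `secedit` and reports whether the service logon account holds the right and who else does. The account name `EXAMPLE\svc-cdwin` is a placeholder assumption.

```powershell
# Added example: audit who holds "Act as part of the operating system"
# (SeTcbPrivilege) in this machine's local security policy.
# Run from an elevated PowerShell prompt on the Connect:Direct server.
param(
    # Assumption: placeholder name for the service logon domain account.
    [string]$ServiceAccount = 'EXAMPLE\svc-cdwin'
)

$cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
try {
    # Export only the user-rights section of the local policy.
    secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "secedit export failed ($LASTEXITCODE)" }

    # The SeTcbPrivilege line is absent when nobody holds the right.
    $line = Get-Content -Path $cfg |
        Where-Object { $_ -match '^\s*SeTcbPrivilege\s*=' } |
        Select-Object -First 1

    $holders = @()
    if ($line) {
        foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
            $entry = $entry.Trim()
            if (-not $entry) { continue }
            if ($entry.StartsWith('*')) {
                # "*S-1-5-..." entries are SIDs; resolve them to DOMAIN\name.
                $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
                try   { $holders += $sid.Translate([System.Security.Principal.NTAccount]).Value }
                catch { $holders += $sid.Value }   # unresolvable SID: report as-is
            } else {
                $holders += $entry                 # already stored as an account name
            }
        }
    }
}
finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}

# -contains and -ne compare strings case-insensitively.
[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    ServiceAccountHas = $holders -contains $ServiceAccount
    UnexpectedHolders = @($holders | Where-Object { $_ -ne $ServiceAccount })
}
```

Any account listed under `UnexpectedHolders` can also impersonate other users on that machine, so the list should normally be empty.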