2. user rights
Hypersoft programs in networks need user rights for the drives and operating systems.
The checkout stations and other workstations log on to a network. Depending on the setting of the network, certain rights then apply to this user. Systems supplied complete by Hypersoft are configured accordingly.
Preliminary Hypersoft internal permissions...
The authorisations within the Hypersoft system are set for the point of sale using roles in the operator authorisations. The authorisations as Hypersoft user of the programmes and the Hypersoft workstations are configured via the user administration.
Variant A - simple requirement for user rights
Give administrator rights to the user under which the computers used by the Hypersoft programmes log on. Dis ensures that all automatic processes such as updates and support can be carried out.
Set up cashier stations and workstations...
At POS stations and also at other workstations, some programs must also be started when the operating system is started. The setup for this takes place in the Remote Commander, which controls the Terminal Commander for each terminal. The Terminal Commander checks necessary accesses and starts all important and set components. The Terminal Commander itself is started with a batch file via the autostart of the operating system "As Administrator".
Windows 8.1 programs that are to be run "as administrator" (as well as Terminal Commander) cannot be started from the Autostart folder under Windows 8.1. Therefore, a BATCH file "TERMINALCOMMANDERSTARTER.BAT" is called in the Autostart folder (located in the MCP directory).
With the station type Tablet, the administrator mode is automatically deactivated.
Variant B - differentiated requirements for user rights
With this variant, the programmes act as users and explicitly log in as administrators for special actions such as configurations and registrations. This means that at least one user and one administrator are created on the device and the administrator's access data is communicated to the Hypersoft programme (this information is stored in encrypted form).
An administrator is still required for the (one-off) setup of a Hypersoft // system (database installation, IIS services, etc.).
However, the programmes can run under a user without administrator rights. The user requires, User & Main user as user group // The administrator then accordingly, User & Main user & Administrator rights.
The initial installation is carried out with administrator rights. After installation, you can switch to a user with fewer rights. Alternatively, you can also give the desired user local administrator rights for the installation period and then remove them again.
Please do not experiment with authorisations and the Hypersoft programmes. If the necessary authorisations are missing, this can lead to serious malfunctions or even irreparable damage to your data and programmes, which may not be able to be rectified as part of standard support. If you have any questions, please contact Hypersoft Support with all the details and give us some time to process this issue.
The permissions must allow the following...
- Read and write on own and server drives. On servers in the Hypersoft directory. [S:]\Hypers-!\
- Create, modify and delete files and directories.
- Executing Setups and Program Installations
- Start any application.
- Registering files and programs
- Use of different services and performances of the operating system
Practice has shown that it may be necessary to install updates spontaneously. If Hypersoft is unable to do so due to lack of rights or failure to release rights, this may result in malfunctions. If this requires the availability of a system administrator on the client side, you as the client would have to ensure that the system administrator can provide availability at any time - without delay.
Variant B for server or main cash registers
For the server, the setting Default must remain, even if the logged-in user does not have admin rights. Background: Some settings not only require an account with admin rights, but must also have the parameter Start as administrator. Therefore, you must leave this setting for the server as it is.
The following settings are available for selection:
• Standard (by Installer / TabletMode etc )
• Administrator = Station runs with administrator rights
• User = The ward runs with user rights (i.e. restricted), the programmes that require administrator rights are started with the corresponding user and password, for which these can be stored in the ward settings.
The password of the administrative system settings is stored encrypted by Hypersoft using a special algorithm.
After any changes, the Terminal Commander must be restarted twice at the respective station for technical reasons.
In the station administration in the System tab, access data for a (local) administrator account of the server is stored, so that Hypersoft programs can use this login to perform certain tasks and settings. Terminal Commander uses this data to start Hypersoft system programs and to manage services, hotfixes and setups on the PC. (Should the Terminal Commander not be able to do this, you will receive a corresponding message on your monitor) Windows logon can then be performed with a "normal user".
Multiple network cards and IP of the server...
If a server has multiple network cards, it is not safe to determine the IP of the server via the secondary registers (as there are multiple IP entries), some services (SOT, pager call, etc.) require the IP of the server for communication, so please enter here in these configurations for safety:
Local Security Policy...
To enable the programmes to be started as administrator under a user without administrator rights, please set the following Windows setting:
(Run - secpol.msc)
Please ensure that this group policy remains set as highlighted in the screenshot and is not overridden by other policies on your system.
Under Windows Server 2022, the Secondary Logon service may not be activated. Make sure that the service is set to Start Automatically and is running.
Back to the parent page: System landscape and installation