As you know, DualShield uses a SQL database as its data storage. In the DualShield installation process, you have the options to connect DualShield to either an internal MySQL server or an external MS-SQL or Oracle server. If you select to connect to an external SQL server then you will need to provide a SQL service account to make the connection. Some customers asked if they could use a Windows account instead. The answer is yes, but not in the installation process. You will have to use a temporary SQL account during installation. After installation, you can switch to a Windows account.

The instruction below describes how to switch to a Windows account after the DualShield server has been successfully installed.

Change the JDBC Connection String

You might also know that DualShield uses JDBC to connect to SQL server. We need to change the JDBC connection settings first. In a Windows Explorer window navigate to:

C:\\Program File\Deepnet DualShield\Tomcat\Config

Open the "server.xml" file in a text editor such as Notepad++. Locate the text similar to the following:

<Resource driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" factory="com.deepnet.dualshield.encryption.EncryptedDataSourceFactory" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" username="xxxx" password="yyyy" type="javax.sql.DataSource" url="jdbc:sqlserver://192.168.208.2:1433;DatabaseName=dualshield2;SelectMethod=cursor;"  validationQuery="Select 1" />


Make the following changes:

  1. Remove the attribute: factory="com.deepnet.dualshield.encryption.EncryptedDataSourceFactory"
  2. Remove the attribute: username="xxxx"
  3. Remove the attribute: password="yyyy"
  4. Add "integratedSecurity=true;" in the value of the "url" attribute


<Resource driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" type="javax.sql.DataSource" url="jdbc:sqlserver://192.168.208.2:1433;DatabaseName=dualshield2;SelectMethod=cursor; integratedSecurity=true;" validationQuery="Select 1"/>


As you have noticed, the username/password are removed, and a new attribute: integratedSecurity=true is added.

Once you have made the above change, save the "server.xml" file and exit the text editor.

Update JDBC Driver 

Depending on the version of your MS-SQL server, you might need to download the latest Microsoft JDBC driver

https://docs.microsoft.com/en-us/sql/connect/jdbc/release-notes-for-the-jdbc-driver

Unzip it to a temp folder on your local hard drive, then carry out the following operations:

1) In the temp folder find the file "mssql-jdbc-x.x.x.jre8.jar" and copy it to the folder "C:\Program Files\Deepnet DualShield\tomcat\lib". Replace the old file when prompted.


2) In the temp folder find the file "mssql-jdbc_auth-x.x.x.x64.dll" (make sure you select the correct version x64/x86 according to your DualShield/OS version), copy it to the folder "C:\Program Files\Deepnet DualShield\tomcat\lib"


Update JAVA Settings

Now, you need to add a Java option. In order to do that, you need to launch the JAVA Configure Console:

Open Windows Command Prompt, change to the "C:\Program Files\Deepnet DualShield\tomcat\bin" folder, then execute

tomcat6w.exe //ES//dualshield

  

Navigate to the tab Java add -Djava.library.path=C:\Program Files\Deepnet DualShield\tomcat\lib in Java Options , click Apply or OK button.

Change DualShield Service Logon Account

Check the property of the DaulShield service

By default, it logs on as "Local System account", you need to change to a windows account which is assigned with appropriate SQL permissions


Change DualShied Folder Access Permissions

If DualShiled is installed on the same machine where the SQL server is installed, you may still be able to use "Local System account". Otherwise, you must give the Windows account (in the example, spadmin@ds08.local) the full control to the "Deepnet DualShield" folder, allowing it to read, write & modify the folder and all of its sub folders. See below: