As you know, DualShield uses a SQL database as its data storage. In the DualShield installation process, you have the options to connect DualShield to either an internal MySQL server or an external MS-SQL or Oracle server. If you select to connect to an external SQL server then you will need to provide a SQL service account to make the connection. Some customers asked if they could use a Windows account instead. The answer is yes, but not in the installation process. You will have to use a temporary SQL account during installation. After installation, you can switch to a Windows account.
The instruction below describes how to switch to a Windows account after the DualShield server has been successfully installed.
Change the JDBC Connection String
You might also know that DualShield uses JDBC to connect to SQL server. We need to change the JDBC connection settings first. In a Windows Explorer window navigate to:
C:\\Program File\Deepnet DualShield\Tomcat\Config
Open the "server.xml" file in a text editor such as Notepad++. Locate the text similar to the following:
|<Resource driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" factory="com.deepnet.dualshield.encryption.EncryptedDataSourceFactory" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" username="xxxx" password="yyyy" type="javax.sql.DataSource" url="jdbc:sqlserver://192.168.208.2:1433;DatabaseName=dualshield2;SelectMethod=cursor;" validationQuery="Select 1" />|
Make the following changes:
- Remove the attribute: factory="com.deepnet.dualshield.encryption.EncryptedDataSourceFactory"
- Remove the attribute: username="xxxx"
- Remove the attribute: password="yyyy"
- Add "integratedSecurity=true;" in the value of the "url" attribute
|<Resource driverClassName="com.microsoft.sqlserver.jdbc.SQLServerDriver" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" type="javax.sql.DataSource" url="jdbc:sqlserver://192.168.208.2:1433;DatabaseName=dualshield2;SelectMethod=cursor; integratedSecurity=true;" validationQuery="Select 1"/>|
As you have noticed, the username/password are removed, and a new attribute: integratedSecurity=true is added.
Once you have made the above change, save the "server.xml" file and exit the text editor.
Update JDBC Driver
Next, download Microsoft JDBC Driver 4.0 for SQL Server, unzip it to a temp folder on your local hard drive, then carry out the following operations:
1) In the temp folder find the file sqljdbc4.jar and copy it to the folder "C:\Program Files\Deepnet DualShield\tomcat\lib". Replace the old file when prompted.
2) In the temp folder find the file sqljdbc_auth.dll (make sure you select the correct version x64/x86 according to your DualShield/OS version)
copy it to the folder "C:\Program Files\Deepnet DualShield\tomcat\lib"
Update JAVA Settings
Now, you need to add a Java option. In order to do that, you need to launch the JAVA Configure Console:
Open Windows Command Prompt, change to the "C:\Program Files\Deepnet DualShield\tomcat\bin" folder, then execute
Navigate to the tab Java add -Djava.library.path=C:\Program Files\Deepnet DualShield\tomcat\lib in Java Options , click Apply or OK button.
Change DualShield Service Logon Account
It is close to finish. At this time, you may still wonder why there is no username /password in the new JDBC connection string and which particular user will be used to connect to the SQL server? Here is the answer.
Check the property of DaulShield service
By default, it logs on as "Local System account", you need to change to a windows account which is assigned with appropriate SQL permissions
Change DualShied Folder Access Permissions
If DualShiled is installed on the same machine where SQL server is installed, you may still be able to use "Local System account". Otherwise, you must give the Windows account (in the example, firstname.lastname@example.org) the full control to the "Deepnet DualShield" folder, allowing it to read, write & modify the folder and all of its sub folders. See below: