Creating a rescue account for security administration

If Meridian security is incorrectly configured or assigned, even a system administrator may not have access to a vault or its configuration. To circumvent Meridian security so that the configuration or assignment can be corrected, one Windows user account may be specified special access to a vault that bypasses all Meridian security.

This rescue account can be used temporarily to grant additional privileges (for example, Change configuration) to roles that are assigned in the vault or to change the role assignments (for example, the Administrator role) in the vault. This is the only way to access the system if you have locked yourself out of the vault with incorrect role settings.

To create a rescue account:

1. Open Registry Editor on the Meridian application server and locate the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Cyco\AutoManager Meridian\CurrentVersion\OML

2. On the Edit menu, point to New, and select Key. A new registry key named New Key #1 appears in the left pane. Rename it to AMServerManagerAccount.
3. Make sure that AMServerManagerAccount is selected in the left pane and then double-click (Default) in the right pane. The Edit String dialog box appears.
4. Type the account name (for example, AMBackDoor) to use in Value data and click OK.

Note    This key should only be created when needed to access the system with the rescue account. After the changes are made that required the rescue account, this key should be removed completely. When this key is available (even when the account name specified is empty or does not exist), it will cause processing overhead on the server. Deleting this key prevents the overhead.

NEW  Note    When this key is set, the computer is assumed to be a Meridian application server and the automatic client update feature described in Upgrading Meridian client computers automatically is cleared on the computer.