A Windows User Account Explicitly Denied Authentication Access Can Still Log In If It Is Linked to a Trusted Laserfiche Trustee Account.

June 16, 2008 | KB: 1011996

https://support.laserfiche.com/kb/1011996/a-windows-user-account-explicitly-denied-authentication-access-can-still-log-in-if-it-is-linked-to-a-trusted-laserfiche-trustee-account-

Laserfiche 8, Laserfiche 9

A Windows user account explicitly denied authentication access can still log in to a repository if the denied Windows user account is already linked to a Laserfiche user account.

Laserfiche user settings take precedence when a Windows user account is explicitly linked to a Laserfiche user account. This includes authentication settings.

The Laserfiche 8 Administration console displays warnings when creating this type of configuration.

When you link a Windows user account to a Laserfiche user account and the repository already contains an entry for that Windows user account in the Windows Accounts item, you will receive the following warning message:

Authentication, security and audit settings have already been assigned directly to the Windows account user that is being linked to this trustee. The authentication, security and auditing settings set directly on that Windows account will now be ignored because Laserfiche trustee rights take precedence.

When you add a Windows user account to the Windows Accounts item in the administration console and the Windows user account is already linked with a Laserfiche user account, you will receive the following warning message:

This Windows user has already been linked to Laserfiche trustee 'LaserficheTrustee'. Authentication, security and auditing settings for that Laserfiche trustee will take precedence over the rights assigned to this Windows user. Are you sure you want to add this user?