Changing the Startup Mode

Prerequisites:  
  • ActivID CMS is installed and configured to start in attended or unattended startup mode.

  • IIS and CMS servers are stopped.

For information about the difference between the two startup modes, see Attended Startup Mode vs. Unattended Startup Mode.

Warning! When you change the ActivID CMS startup mode from attended to unattended, we strongly recommend you obfuscate the Security Key Password, Database Owner Passwords, and the HSM PIN for the ActivID CMS system components. (Obfuscating the passwords replaces the passwords stored in clear text files with an encrypted version of the passwords.)

Change the Startup Mode to Unattended

  1. Using a text editor, edit the securedata.properties file in the %PROGRAMDATA%\HID Global\Credential Management System\Local Files\services\repositories directory.

  2. Comment the following line, if it exists, by adding a hashtag "#" at the beginning of the line as shown below:

    Copy
    # SecureData.mode = securesite
  3. Make sure that the following lines are present in the file:

    Copy
    SecureData.mode = insecure
    SecureData.SecurityPwd.insecureValue = <value>
  4. If you are deploying ActivID CMS with an HSM, uncomment the following line by removing the hashtag "#":

    Copy
    SecureData.HSMPin.insecureValue = <value> 
  5. If you are using an Oracle or SQL Server configured in SQL Server authentication mode, remove the hashtag "#" at the beginning of this line:

    Copy
    SecureData.DatabasePwd.insecureValue = <value>
  6. Restart the IIS and CMS Server services.

  7. On the Windows Start menu, point to Programs > HID Global > Credential Management System, and then click Password Obfuscation.

    The CMS - Secure Data dialog field appears:

  8. Enter the appropriate passwords, and then click OK.

  9. Open the securedata.properties file and check that the passwords you entered have been obfuscated.

    For example:

    Before password obfuscation, the following line appears as:

    Copy
    SecureData.DatabasesPwd.insecureValue = hidglobal

    After password obfuscation, the following line appears as:

    Copy
    SecureData.DatabasesPwd.value = 214245292631403e56

    Rules:

    If

    Copy
    *.insecureValue = value 

    is found, it is replaced by:

    Copy
    *.value = obfuscated value

    -or-

    If

    Copy
    *.value = obfuscatedValue 

    is found, it is replaced by:

    Copy
    *.value = newObfuscatedValue

    For example:

    HSM PIN

    Before obfuscation

    SecureData.HSMPin.insecureValue = value

    After obfuscation

    SecureData.HSMPin.value = 711302746564

    Database Password

    Before obfuscation

    SecureData.DatabasesPwd.insecureValue = value

    After obfuscation

    SecureData.DatabasesPwd.value = 214245292631403e56

    Security Key Password

    Before obfuscation

    SecureData.SecurityPwd.insecureValue = value

    After obfuscation

    SecureData.DatabasesPwd.value = 214245292631403e56

  10. To remove the password obfuscation:

    • Make sure that the IIS and CMS servers are stopped.

    • Using a text editor, edit the securedata.properties file in the %PROGRAMDATA%\HID Global\Credential Management System\Local Files\services\repositories directory.

    • Edit as follows:

    HSM PIN

    Remove

    SecureData.HSMPin.value = 711302746564

    Add

    SecureData.HSMPin.insecureValue = <value>*

    Database Password

    Remove

    SecureData.DatabasesPwd.value = 214245292631403e56

    Add

    SecureData.DatabasesPwd.insecureValue =<value>*

    Security Key Password

    Remove

    SecureData.SecurityPwd.value = 214245292631403e56

    Add

    SecureData.SecurityPwd.insecureValue =<value>*

    * <value> should be replaced by the real value of the HSM PIN/Database password/Security Key password.

Change the Startup Mode to Attended

  1. Using a text editor, edit the securedata.properties file in the %PROGRAMDATA%\HID Global\Credential Management System\Local Files\services\repositories directory.

  2. Comment the following line, if it exists, by adding a hashtag "#" at the beginning of the line as shown below:

    Copy
    # SecureData.mode = insecure
  3. Make sure that the following line is present in the securedata.properties file:

    Copy
    SecureData.mode = securesite