White list internet browsing

Discussions around the setup, operation, replacement, and disposal of clerk computers, not to include using MLS
Post Reply
lajackson
Community Moderators
Posts: 11681
Joined: Mon Mar 17, 2008 10:27 pm
Location: US

#31

Post by lajackson »

rmrichesjr wrote:I seem to recall a statement in an earlier thread that MLS requires administrative privileges due to some issues in the third-party software embedded in MLS to do transmit/receive operations. I searched for that statement but was not able to find it.
The reference would be to the help desk, adamant that only the clerk login be used and that the password not be changed. I am sure they have their reasons, and I agree that it would be better if it were not that way, at least as far as security is concerned for the desktop itself. On the other hand, MLS itself has additional passwording and levels of access.

My personal experience with MLS shows the wisdom of using only the one administrative login. The issue is not the MLS Send/Receive itself. The challenge is when a patch or a change to the database comes down the line.

The patch issue seems to require computer administrative privileges for many changes or the patch does not work. MLS seems to assume that the patch was successful, whether or not it was.

The database change issue, which would occur with almost any transmission, results because it seems that MLS does not check to see who is logged in and, with the assistance of Java, writes files sometimes to the clerk directory and sometimes to the directory of the desktop login. Eventually, the database becomes corrupt because parts of it are in different places, and MLS does not seem to be able to connect the dots.

I do not know if the latter could be fixed through programming. Well, it probably could be, but perhaps it is not worth the effort. Rather, the instruction is to use the same predictable login so that the database does not become corrupt, or pay the penalty of restoring from backups or from CHQ after losing data.

I am not aware if the communication software itself requires an administrative login. I know that you can Send/Receive from a user login, and sometimes if works and sometimes it does not. Afaria is the software. It writes files as it works its magic. I suspect it is happier if it has the needed permissions and works in the same area each time.

I have written a few little simple basic programs over the years. I have tried to write them so that it does not matter who logs in where or what they had for lunch. But even so, when it comes time to write files and save data, there are issues. These are not the days of DOS anymore.
Top
russellhltn
Community Administrator
Posts: 35510
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#32

Post by russellhltn »

rmrichesjr wrote:I seem to recall a statement in an earlier thread that MLS requires administrative privileges due to some issues in the third-party software embedded in MLS to do transmit/receive operations. I searched for that statement but was not able to find it. While I agree that (in theory) MLS shouldn't need administrative privileges, some research, testing, and caution would be advisable if anyone is considering changing privilege levels from the default setup.

Maybe. But the instructions for Desktop 5.5 are quite clear:
Step 6: Log on to the computer, using the user name CLERK (in all capitals, as shown here) and the password (....) This is the computer administrator account. It is also the only account to be used to run MLS. Please do not allow this username or password to be changed.

You should now create a separate Windows administrator account for yourself. If the unit leader has indicated that limited-use or guest-user accounts are needed on the computer, such as for members to use family history programs, you may create them now.

Do not create Windows nonadministrator accounts for anyone who will use MLS. Any attempt to transmit MLS data from a nonadministrator account will result in transmission difficulties.
Normally when I'm told that some software has to have admin rights to run, that raises my competitive spirits to prove them wrong. (I've done it on a few occasions.) BUT....

While I'm quite sure I could manage to find the settings to make MLS run and probably even the send/receive software, there's no practical way for me to test that the update process would work - not just for some current update but for all future updates. Just too much is unknown.

So for that reason, I follow what the instructions say and urge others to do likewise. Otherwise, they might find themselves trying to troubleshoot a computer at a inopportune time. And if they are a STS, multiple computers.
Top
Post Reply

Return to “Clerk Computers”