Permissions

Signotaur runs as a Windows Service under a designated service account. For Signotaur to function correctly, this account needs permissions for accessing files, certificate stores, library DLLs and network resources.

1. Service Control Permissions

  • Permission: Log on as a Service
  • Purpose: Allows the user account to run Signotaur as a Windows Service.
  • See 'Log on as a Service' permission guide

Note: This permission is assigned by the installer. Set it manually only if you change the service user account after installation.

2. Database File Access

  • Folder: C:\ProgramData\vsoft\Signotaur\Server
  • Permissions Needed: Read and Write
  • Purpose: Allows Signotaur to access and update its SQLite database stored in this location.

3. Logging Access

  • Folder: C:\ProgramData\VSoft\Signotaur\Server\Logs
  • Permissions Needed: Read and Write
  • Purpose: Required for writing log files.

Note: A different log folder location ()LogFileLocation) may be specified in the configuration file.

4. File Storage Access

  • Folder: C:\ProgramData\VSoft\Signotaur\Server\Files
  • Permissions Needed: Read, Write, and Delete
  • Purpose: Required for saving uploaded PFX files.

5. Certificate Store Access

Signotaur can access both user and system certificate stores to retrieve certificates (including those with private keys).

  • User Certificate Store:
    • Access is automatically granted to each user account for its own certificates.
  • System Certificate Store:
    • Grant Read access to the certificate and Read Key access to the private key for any certificates required by Signotaur. See System Certificate Store Permissions for details.

6. PKCS#11 Library Loading

To access certificates on PKCS#11 hardware devices, Signotaur loads required library DLLs from device-specific directories.

  • Example Folders:

    • YubiKey: %ProgramFiles%\Yubico\Yubico PIV Tool\bin\
    • SafeNet eToken: %SystemRoot%\System32\

  • Permissions Needed: Read and Execute

  • Purpose: Grants Signotaur access to load and execute the required PKCS#11 libraries, such as libykcs11.dll and eTPKCS11.dll.

7. Event Log Access

  • Permission: Write access to Event Log
  • Purpose: Allows Signotaur to log errors or warnings to the Event Log.
  • See Event Log permission guide

8. Network and Internet Access

To download a trial license or check for updates, Signotaur makes HTTP requests to:

  • https://www.finalbuilder.com
  • https://downloads.finalbuilder.com

Ensure network access is available to these URLs through any firewall or proxy to enable this functionality..

Following this guide will ensure that Signotaur has all the necessary permissions to run smoothly. For any additional support, please contact our technical support team.