Too bad you can't set the Sage300 ADMIN user to a Windows User. It would resolve the password expiration issue.

We are going to have a lot of sites with password expiration policies nuking the ADMIN account with no easy way to recover.

I agree

Yes, we came to the same decision and are also still installing only PU 1 for the time being. 

I do think overall the concepts introduced in PU3 are a good step forward, but they seem to have been 'rushed to market' in a less than beta state.

Definitely, there is a big concern with the Admin account expiry and lack of ability to reset.  Whilst it was convoluted previously, it was still possible.

Other concerns are;

- the removal of product features with the PU3 update. eg. Global Search

- "At this time, there is no supported way of backing up and restoring a security enhanced environment." YIKES!

- Number Changers won't work initially

All of which they mention may be remedied in the 2024.0 version, so why release now and take the Sage 300 clients\users backwards?

Hi Stacey,

Enormous concerns about this.
Rightly most businesses don't use their admin account for proper controls, one person knows it, the business partner knows it but noone uses it on an active basis as it's a separation of duty, control issue, big SOX requirement, so they won't have a reminder then it's locked out.
It's ridiculous and dangerous.

There has to be a mechanism to have some accounts set to not expire without recourse.

Also have an issue where we have scheduled tasks using a user that has a password that doesn't expire, for reports or schedules with rights to a specific Sage task, that's it, noone is reminded about that one either so those tasks will stop.

Strong security is one thing, dangerous lack of usability is another and product update 3 is exactly that.

Just an Update we are doing more testing but but with Pu3 it looks like sage300 automatically creates SQL users for ALL sage300 users

So we can set a no expiry for the Admin user in there.

Just need to become more familiar with all the new setups.

Stacey

With Pu3 it looks like sage300 automatically creates SQL users for ALL sage300 users, So we can set a no expiry for the Admin user.

Just more configuration than we used to .

I think you might be wise to hold off on PU3 for a while as I can agree it looks rushed in for some strange reason. I have been working with PU3 on several sites. Some new installs other upgrades from previous versions. What I have found is it is way more time consuming than ever before. Sure I have the new database and user creation of pat now but the issues I have encountered have burned many days of time. I am sure some others have been thru the same but thought it might help those who have not get past some issues with my experience! This is a run thru of some of the issues

Fresh install with PU3 added means the admin password needs to be changed but even using the absolutely correct password that worked on the 1st screen it say incorrect!. Cure was to re-install without PU3 setup db setup and then after testing sage as working add pu3 after. The expired admin password is not there as it has not expired when pu3 is added.

Vault setup when DB setup is run correctly adds the new tables to the 2 databases and creates the vault folder in the site folder but then fails with error unable to update vault and store.. This was cured by re-creating the vault and store databases using sql-latin1-cp1-ci-as collation as the default collation for the SQL server was a bin collation as recommended by Sage! Looks like the PU3 was not tested using a case sensitive SQL collation. I never use case sensitive collations but this customer insisted on setting the SQL up themselves and using bin!

Not possible to change the Vault or Store db names or SQL server after 1st PU3 setup using DB setup. I made changes to the Vault folder under site folder as the ini in there contains the details. AS long as the Vault owner and password stay the same this worked. The only other option I used was delete the vault folder and the 2 db's and start again.