Changing the Messaging Gateway user context on Microsoft Windows

Last Updated: 12 Sep 2019

For users who require additional control of security, they can restrict the use of Messaging Gateway by creating a separate user on Windows.

The Messaging Gateway installs as a Windows Service, and so logs onto the computer differently. By default, it logs on using the LocalSystem account, which gives it full access to the OS. As a security precaution, its recommended that each application execute in its own security context. This article details the steps required for this change.

  • Create a new user on Windows
  • Navigate to Start - Administrative tools - Windows services. Search for the service Cloud Alert Messaging Gateway and stop the service.
  • In the Service Properties, navigate to the Log On tab;
  • Select This account option and specify the credentials of the newly created Windows user. Click Apply.
  • Navigate to the Messaging Gateway installation folder, typically c:\cag. Change the ownership of this folder and all sub-folders and objects under it to that of the newly created Windows user.
  • Start the service

This will restrict the use of Messaging Gateway to its installation directory.