Equitrac: Error 403 when accessing System Manager on Windows 2008
With Equitrac Office, Equitrac Express, and Equitrac Professional 5, using a Microsoft Windows 2008 server operating system, when you start System Manager and attempt to connect to the Core Accounting Server (CAS), an "Error 403" error message appears. This behaviour occurs even though the user is a member of the Windows Administrator Group and has Equitrac Administrative rights.
This behavior occurs due to a change in the way the built-in Administrators group functions in Windows 2008 server. When a user is added to the Administrators group, they are not actually added to the group, as was the case in Windows 2003 and earlier. Instead, a flag is added to the user account, which enables a "Run as administrator" option for the user. Each time a user runs an application, they have the option to do so as a "regular" user or as an "administrator" user.
The impact of this change within Equitrac is that if the Access permissions for System Manger (Admin) use the BUILTIN/Administrators group, and a user launches System Manager as a regular user, they are not recognized as a member of the Administrators group, and access is denied. In order to properly run System Manger, they must right-click System Manager and select "Run as administrator."
Equitrac best practice (for any operating system) is to not use the default built-in administrators group. Instead, create a new group for each of the Equitrac access permissions, add those users who require access to each new group, and then assign the new group to the applicable option under Access permissions.