Planview Customer Success Center

How do I prevent vulnerabilities in Windows OS?

Last Updated: April 30, 2021  |  Applicable Hub Versions: All

Answer

It is recommended that Planview Hub is installed on a server behind a corporate firewall and that a user login is required to access its configuration UI, so that the application is not exposed to vulnerabilities. When Hub is installed on a Windows machine, however, the application runs as a service under the Local System account by default. You may want to consider setting a specific logon account to increase security.

First, ensure the desired user has the correct permissions. To configure a service logon, click here. Then, update the Hub and Keycloak service logon information with the newly created credentials:

  1. Open the Windows Services view by pressing Win + R to open the Run dialog, then type services.msc, and press Enter. Alternatively, you can search for "Services" in the Start menu.

  2. Locate the Tasktop and Keycloak services in the view.

  3. Stop the services.

  4. Right-click the service again and select "Properties" to open its Properties window.

  5. In the Properties window, locate and click on the "Log On" tab.

  6. Change the Logon account: Here, you'll see options for how the service logs on. By default, it might be set to "Local System account". Click on the "This account" option and specify the user account and password you want the service to use. Make sure this user has the necessary permissions to run the service.

  7. Apply changes: After entering the new credentials, click "Apply" to save the changes.

  8. Restart the service: If you stopped the service earlier, now you can restart it by right-clicking on it and selecting "Start".

Recommended Windows user privileges:

  • Full access permission (R/W/Ex) to the Hub app and data folders and their subfolders and files

  • SE_CREATE_PERMANENT_NAME (enabled)

  • SE_CHANGE_NOTIFY_NAME (enabled)

  • SE_CREATE_GLOBAL_NAME (enabled)

  • SE_IMPERSONATE_NAME (enabled)

  • SE_DEBUG_NAME (enabled)
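
A scripted equivalent of steps 3 to 8, followed by an audit of the recommended privileges, added here as an example and not Planview's own tooling. The account name and the display-name patterns are assumptions; the audit only sees rights assigned to the account directly, not through group membership.

```powershell
#Requires -RunAsAdministrator
# Added example, not Planview's code. Assumptions: the service display names
# contain "Tasktop" or "Keycloak"; the account is a placeholder (use .\name for local).
param(
    [string]$Account = 'CONTOSO\svc-hub',                  # hypothetical dedicated account
    [string[]]$NamePatterns = @('*Tasktop*', '*Keycloak*') # assumed display-name patterns
)

# Privilege constants listed on the page, as their user-right names.
$RecommendedRights = @(
    'SeCreatePermanentPrivilege',  # SE_CREATE_PERMANENT_NAME
    'SeChangeNotifyPrivilege',     # SE_CHANGE_NOTIFY_NAME
    'SeCreateGlobalPrivilege',     # SE_CREATE_GLOBAL_NAME
    'SeImpersonatePrivilege',      # SE_IMPERSONATE_NAME
    'SeDebugPrivilege'             # SE_DEBUG_NAME
)

$cred = Get-Credential -UserName $Account -Message 'Service logon account'
$services = Get-CimInstance Win32_Service |
    Where-Object { $d = $_.DisplayName; $NamePatterns | Where-Object { $d -like $_ } }
if (-not $services) { throw 'No matching services found; adjust -NamePatterns.' }

foreach ($svc in $services) {
    Stop-Service -Name $svc.Name -Force                          # step 3
    $result = Invoke-CimMethod -InputObject $svc -MethodName Change -Arguments @{
        StartName     = $cred.UserName                           # steps 4-7
        StartPassword = $cred.GetNetworkCredential().Password
    }
    if ($result.ReturnValue -ne 0) {
        throw "Change failed for $($svc.Name): code $($result.ReturnValue)"
    }
    Start-Service -Name $svc.Name                                # step 8
}

# Verify: none of the services should still report LocalSystem as StartName.
Get-CimInstance Win32_Service | Where-Object { $_.Name -in $services.Name } |
    Select-Object Name, State, StartName

# Audit: which recommended rights name the account directly in the local policy export.
$sid = ([Security.Principal.NTAccount]$cred.UserName).Translate([Security.Principal.SecurityIdentifier]).Value
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
foreach ($right in $RecommendedRights) {
    $line = Select-String -Path $cfg -Pattern "^$right\s*=" | Select-Object -First 1
    $direct = [bool]($line -and $line.Line -match ('\*' + [regex]::Escape($sid) + '(,|\s*$)'))
    [pscustomobject]@{ Right = $right; AssignedDirectly = $direct }
}
Remove-Item $cfg
```

Unlike the Services snap-in, a scripted change does not grant the account the "Log on as a service" right, so grant it beforehand or `Start-Service` will fail.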