From 435e6f73136218d52a2d74cbf0f15bdca7e49c21 Mon Sep 17 00:00:00 2001 From: AJ Isaacs Date: Wed, 29 Oct 2025 11:04:18 -0400 Subject: [PATCH] chore(config,docs): remove MaterialsFile setting and update deployment notes - Drop PepSettings:MaterialsFile from appsettings.json - Update DEPLOY.md with guidance on service account and note that materials are sourced from DB - Remove obsolete reference to material.lfn --- PepApi.Core/appsettings.json | 1 - scripts/DEPLOY.md | 34 ++++++++++++++++++++++++++++++++-- 2 files changed, 32 insertions(+), 3 deletions(-) diff --git a/PepApi.Core/appsettings.json b/PepApi.Core/appsettings.json index 1361731..c8c3bc0 100644 --- a/PepApi.Core/appsettings.json +++ b/PepApi.Core/appsettings.json @@ -11,7 +11,6 @@ }, "PepSettings": { "NestDirectory": "\\\\REMCOSRV0\\PEP Nest", - "MaterialsFile": "C:\\Pep\\PEP2012\\CONFIG\\material.lfn" }, "Kestrel": { "Endpoints": { diff --git a/scripts/DEPLOY.md b/scripts/DEPLOY.md index bef3a8b..53aa33e 100644 --- a/scripts/DEPLOY.md +++ b/scripts/DEPLOY.md @@ -23,6 +23,8 @@ This will: - Open Windows Firewall for port 8085 - Start the service automatically +By default, the service runs under the current user (you will be prompted for your password). To install as LocalSystem instead, add `-UseLocalSystem`. + ### Custom Deployment ```powershell @@ -34,6 +36,35 @@ powershell -ExecutionPolicy Bypass -File scripts/Deploy-PepApi.ps1 ` -OpenFirewall ``` +### Run Service As User (for network access) + +By default the service runs under your current user to allow access to network shares. You can also explicitly choose an account: + +```powershell +# Prompt for the current user's password and install the service to run as you +powershell -ExecutionPolicy Bypass -File scripts/Deploy-PepApi.ps1 -RunAsCurrentUser + +# Or specify explicit credentials (you will get a secure credential prompt) +$cred = Get-Credential # Enter DOMAIN\User or .\LocalUser +powershell -ExecutionPolicy Bypass -File scripts/Deploy-PepApi.ps1 -ServiceCredential $cred + +# Or pass a domain user and get prompted for its password +powershell -ExecutionPolicy Bypass -File scripts/Deploy-PepApi.ps1 -DomainUser "MYDOMAIN\\jdoe" + +# Or pass domain and user separately +powershell -ExecutionPolicy Bypass -File scripts/Deploy-PepApi.ps1 -Domain "MYDOMAIN" -User "jdoe" + +### Install As LocalSystem (opt-out of default user) + +```powershell +powershell -ExecutionPolicy Bypass -File scripts/Deploy-PepApi.ps1 -UseLocalSystem +``` +``` + +Notes: +- The account must have the "Log on as a service" right. Windows typically grants this during service creation. +- Ensure the account has read access to configured network paths in `appsettings.json`. + ### Configuration After deployment, **you must update** `C:\Services\PepApi\appsettings.json`: @@ -45,7 +76,7 @@ After deployment, **you must update** `C:\Services\PepApi\appsettings.json`: }, "PepSettings": { "NestDirectory": "\\\\YOUR_SERVER\\PEP Nest", - "MaterialsFile": "C:\\Pep\\PEP2012\\CONFIG\\material.lfn" + "Materials": "Now sourced from database (no file path)" } } ``` @@ -197,7 +228,6 @@ New-NetFirewallRule -DisplayName "PepApi HTTP 8085" ` - Verify service account has read access to: - Nest directory (`\\REMCOSRV0\PEP Nest`) - - Materials file (`C:\Pep\PEP2012\CONFIG\material.lfn`) - Configure service to run as appropriate account ### Port Already in Use