

Documentation & User Guides | FotoWare

Configure services in the Operations Center

After installing the server applications, a shortcut to the Operations Center is placed on the server's desktop. This is where all the FotoWare services are configured. The first time you start it, it will ask you for credentials before you may access it.

Video: Installation and configuration of the Operations Center

The video below outlines the installation of the Operations Center and the configuration of the FotoWare service account. It also explains how to control access to the configuration of FotoWare services on the server through the Operations Center.

Who can access the Operations Center?

When the Operations Center is installed, it creates two user groups on the server - FotoWare Operators and FotoWare Administrators. By default, members of the local Administrators group on the server are automatically made members of both the FotoWare groups.

The idea behind these two groups is that members of the FotoWare Operators group can access the Operations Center and are allowed to start, stop and restart server services and individual processes. However, FotoWare Operators may not change the actual configuration and workflow on the installed server applications. This is the privilege of the FotoWare Administrators group, which has full access to the Operations Center and may configure the workflow and configuration of the server applications.

You can add any existing user on your network, for instance domain users, to one or both of the FotoWare groups on the server to give them access to the system. Note, however, that you cannot add groups to these groups - users have to be added explicitly.

Privilege FotoWare Operator FotoWare Administrator

Access the Operations Center



Monitor server activity, performance and load



Start and stop services



Configure indexes in Index Manager



Configure channels in Connect



Configure workflow in Color Factory


Not implemented, Color Factory uses a separate administration program.
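
The following is an added example, not FotoWare's own code: a PowerShell audit of the two groups described above, run in an elevated session on the FotoWare server. The group names are the ones this page gives; the approved-member lists are constructed sample values, and how default local-Administrator membership appears in the group listing is an assumption.

```powershell
# Added example: review who holds Operations Center privileges on this server.
# Approved members per group. These account names are constructed sample values.
$approved = @{
    'FotoWare Operators'      = @('FWWORKFLOW\opsuser1', 'FWWORKFLOW\opsuser2')
    'FotoWare Administrators' = @('FWWORKFLOW\fwadmin')
}

# Local Administrators (well-known SID S-1-5-32-544). The page says these accounts
# are made members of both FotoWare groups by default.
$localAdmins = (Get-LocalGroupMember -SID 'S-1-5-32-544').Name

$findings = foreach ($group in $approved.Keys) {
    foreach ($m in Get-LocalGroupMember -Group $group) {
        $reason = if ($m.ObjectClass -eq 'Group') {
            # The page states that groups cannot be added, only individual users.
            'nested group: only users should be listed'
        } elseif ($m.Name -notin $approved[$group]) {
            if ($m.Name -in $localAdmins) {
                'not approved; also a local Administrator (default membership)'
            } else {
                'not approved'
            }
        }
        if ($reason) {
            [pscustomobject]@{
                Group  = $group
                Member = $m.Name
                Source = $m.PrincipalSource   # Local, ActiveDirectory, ...
                Reason = $reason
            }
        }
    }
}

# Accounts that can change configuration deserve the closest review.
$findings | Sort-Object Group, Member | Format-Table -AutoSize
```

An empty result means every member of both groups is an approved user account.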

Setting a process account for the FotoWare services

While each application's service runs under the Local System Account, the Process Account is used for scanning document folders, writing and maintaining indexes, handling FotoWeb requests and so on. In short, it's a common account that handles the processing that is carried out by all FotoWare applications on the server.

Choosing a process account

Important: This process account must be a member of the local Administrators group on the server on which it runs. Learn why.

The first time you access the Operations Center you will be asked to provide credentials for the FotoWare process account. However, if FotoWeb has been installed on the server, the FotoWeb setup wizard will already have asked you to set a process account. If you want to change it, you can go to the Server Settings tab in the Operations Center and change its credentials in the Process account section.

Setting a process account for the FotoWare services on the server

Process account implications for FotoWeb

If you specify a domain account and fill in the Domain field as, or something similar using a suffix, you will not be able to use a trusted connection when connecting FotoWeb to the SQL database. That's because the SQL database stores the Windows user with only the short form of the domain name, omitting the three-letter suffix (.net, .com etc.), so the SQL server will not be able to find the user.

You should also be aware that if your FotoWeb site runs on Internet Information Services, the process account specified in the Operations Center will be used to power the FotoWeb application pool in IIS. You should make sure any password renewal policies in your domain do not affect the process account, as this may potentially lock out the process account and cause the FotoWare services on the server to stop. Also, if you change the process account in the Operations Center at any time, you must manually make sure to set the same account for the IIS app pool.
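
The following is an added example, not FotoWare's own code: a PowerShell consistency check for the process account requirements described in this section. The account name and the application pool name are placeholders (the page does not name the FotoWeb application pool), and treating "password never expires" as the exemption from renewal policies is an assumption. It needs the WebAdministration and ActiveDirectory modules.

```powershell
# Added example: run elevated on the FotoWare server.
$ProcessAccount = 'FWWORKFLOW\fwuser'     # placeholder, domain\user form
$AppPoolName    = '<FotoWeb app pool>'    # placeholder: not named on this page

$domain, $user = $ProcessAccount -split '\\', 2
$checks = [ordered]@{}

# 1. Short domain form (no .net/.com suffix), so a SQL trusted connection can
#    resolve the user as described above.
$checks['Domain is short form (no suffix)'] = ($domain -notmatch '\.')

# 2. Direct membership in local Administrators (S-1-5-32-544).
#    Membership through a nested domain group is not detected here.
$checks['Member of local Administrators'] = [bool](
    Get-LocalGroupMember -SID 'S-1-5-32-544' -Member $ProcessAccount -ErrorAction SilentlyContinue)

# 3. The IIS application pool must run as the same account; changing the process
#    account in the Operations Center does not update the pool.
Import-Module WebAdministration
$pm = Get-ItemProperty "IIS:\AppPools\$AppPoolName" -Name processModel
$checks['App pool identity matches'] = (
    $pm.identityType -eq 'SpecificUser' -and $pm.userName -eq $ProcessAccount)

# 4. Password renewal policy and lockout state of the domain account.
Import-Module ActiveDirectory
$ad = Get-ADUser -Identity $user -Properties PasswordNeverExpires, LockedOut
$checks['Password exempt from expiry'] = [bool]$ad.PasswordNeverExpires
$checks['Account not locked out']      = -not $ad.LockedOut

# Print one line per check.
$checks.GetEnumerator() | ForEach-Object {
    '{0,-34} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}
```

Because the process account is a local administrator with a non-expiring password, a FAIL on any line is worth resolving before the services or the FotoWeb site stop unexpectedly.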

Using a domain account as the process account

Normally, when a FotoWare server is added to a domain, the local machine (System account) is automatically granted READ permissions for CN=Users in the directory. This is required to look up the appropriate AD account for the process account and to delegate the correct permissions for the process account on the machine. By using this approach, User Account Control can remain enabled on the server, as recommended by Microsoft.

If, for some reason, the local machine (System account) does not have this privilege, the FotoWare services will not run and it will be necessary to grant those permissions explicitly in the directory.

Choosing between Local or Domain authentication

This is where you choose the authentication methods and user accounts that are used when the FotoWare server tries to reach other FotoWare servers in the network. These settings are configured on the Server settings tab in the Operations Center.

Client and server authentication settings in the Operations Center

Client authentication

Here you set the method of authentication to use for communications between FotoWare applications. When connecting to an index, for example, a FotoStation user may be asked to authenticate with a user name and password. The same is true when an Index Manager Union server connects to member indexes on other servers, for example. The Client Authentication setting controls whether the clients are authenticated in the server's local user registry or through the Active Directory. If you choose AD authentication, naturally the server must first be a member of the domain.

Server authentication

Here you can set the user name and password that this FotoWare server should use when connecting to other FotoWare servers on the network. You add a new entry in the list by clicking the Add button, after which you type in the host name of the server you want to connect to and optionally the port number, and which user account you wish to use when connecting to that server. You can also specify that you want to authenticate using a domain account by typing domain\username in the Username field.


Let's say that you have set up two Index Manager servers already, called IM1 and IM2. Currently you are setting up a union server you want to configure to connect to the indexes on IM1 and IM2.
All three servers are members of a domain called FWWORKFLOW, and the domain user fwuser is configured as a local admin on all three servers.
When setting up the union server, you will need to specify which account it should use when connecting to IM1 and IM2. Simply click on Add and type in IM1 in the Host name field. Then type in FWWORKFLOW\fwuser in the Username field to authenticate using the domain user. Then type in fwuser's password in the Password field.
Repeat the process to add the IM2 server authentication in the same way.

Note: When using the file browser in any of the server interfaces you will notice that when connecting to a server for which no authentication credentials have been defined, you will be given the opportunity to manually enter a user name and password. This information will be stored in this list in the Operations Center and used for future connections to that server.
