How to a Secure Password File on Microsoft Windows Systems

For remote monitoring and management, it uses the password and access files to control security. Details are documented in Using Password and Access Files.

Below describes how to set the file permissions of the password file on a Windows system using NTFS so that only the owner has read and write permissions on this file. If the file system is FAT32, the file system security is not supported and the password file cannot be secured.

  1. Right-click on the jmxremote.password file and select the Properties option.

    Explorer


  2. Select the Security tab:

    File Properties

    Note: If you are on Windows XP and the computer is not part of a domain, then the Security tab may be missing. To reveal the Security tab, do the following:

    1. Open Windows Explorer, and choose Folder Options from the Tools menu.
    2. Select the View tab and scroll to the bottom of the Advanced Settings and clear the check box next to "Use Simple File Sharing."
    3. Click OK to apply the change

    Folder Options

    When you restart Windows Explorer, the Security tab should now be visible.


  3. Select the Advanced button in the Security tab:

    Security


  4. Select the Owner tab to check if the file owner matches the user under which the VM is running:

    Advanced Security Setting


  5. Select the Permission tab to set the permissions: If there are permission entries inherited from a parent directory that allow users or groups other than the owner access to the file, then clear the "Inherit from parent the permission entries that apply to child objects" checkbox as shown in the following:

    Clear Inherit

    At this point it will prompt you to ask if the inherited permissions should be copied from the parent or removed. Press the Copy button:

    Copy Permission

    Then remove all permission entries that grant access to users or groups other than the file owner by clicking the user or group and press the Remove button for all users and groups except the file owner. Now there should be a single permission entry which grants Full Control to the owner.

    Complete

Press OK to apply the file security change. The password file is now secure and can only be accessed by the owner.