Vulnerability in EPiServer.Forms

Try our conversational search powered by Generative AI!

Configuring EPiServer CMO Thumbnail Service on Windows Server 2008 R2 and later Windows Server versions

Product version:EPiServer CMO 2 on EPiServer CMS 6 / 6 R2

Document last saved:


There is a known issue when login screen thumbnails are displayed for page variations in A/B test reports instead of screenshots of page versions. The thumbnail service is working under the standard LocalSystem account and you cannot login to a CMS website to generate thumbnails on unpublished pages; instead snapshots of the login screen are generated.

The root of the problem is changes in the security system of the Windows Server 2008 R2. Now, it is essential for a user to log in at least once, because some folders and security tokens are created only at the first login.

As the LocalSystem is a “virtual” user and cannot be used for logging in, it does not have all that stuff and there is no way to acquire it. Therefore, it has no place to store a cookie used by the Thumbnail service for authorization to the site and we see the login screen when it is running under the LocalSystem account.

How to solve the problem

The solution is to configure a special user account for the Thumbnail service, as follows:

  1. Create a user with the name you like or use one you already have in the system (it could be any user, not necessarily one in the Administrators group).
  2. Log in with the user to the system at least once.
  3. Log in with an administrator account (which you will need it to perform the following actions).
  4. Open Control Panel > Administrative tools > Local security policy.
  5. Go to Local Policies > User rights assignment.
  6. Add {your_user} to log on as a service policy.
  7. Run the command prompt with administrative privileges.
  8. Execute command netsh http add urlacl url=http://+:8731/ user={your_computer_name}\{your_user} (the URL parameter here is the one used in the Thumbnail service configuration file).
  9. Open Control Panel > Administrative tools > Services.
  10. Open the Thumbnail service properties, go to the Log On tab and define that the service must log on as {your_user} account and restart the service.

This fix can only be applied to the websites hosted with Windows Server 2008 R2 and later versions of Windows Server.