By default PaperCut can use SQL authentication by configuring the database username and password in the PaperCut
server.properties file. This is discussed in the manual here. The
server.properties file is secured by only being accessible by Administrator users.
Some customers prefer to make use of the Windows Authentication features of SQL Server. This allows PaperCut to automatically login/connect to the database using the credentials of the user the “PaperCut Application Server” is running as. This avoids the need to store the username/password in the
To use Windows Authentication with SQL server some additional configuration is required.
It is generally recommended to configure PaperCut to first use SQL Server authentication and confirm everything is working before moving to use “Windows Authentication”. The Windows Authentication is more complicated to setup, so it’s good to get things working first with SQL Authentication.
To do this follow the upsizing guide in the PaperCut manual.
After completing this you should have PaperCut running using the SQL Server database.
By default the PaperCut Application Server runs as the SYSTEM account. You need to change PaperCut to run under a user account that is granted permissions to the SQL Server database.
3.1. Create a domain user account to run the PaperCut Application Server service. It is recommended to name the user something like “papercut_svc”. Ensure that the user is configured so their password never expires. Also ensure that the user has local administrator privileges on the server running PaperCut.
3.2. Change the PaperCut Application Server service to run as the “papercut_svc” user. To do this select the “PaperCut Application Server” service in the Windows service tool (Control Panel→Admin Tools→Services), then right-click and select ‘Properties’. On the “Logon” tab enter the username/password of the new papercut user. Press ‘OK’ to apply the changes.
3.3. Restart the PaperCut Application Server service using the service control panel. Wait for the service to start and test that PaperCut is operating correctly by logging into the admin interface.
SQL Server must first be configured to allow Windows authentication. This is configured within the SQL Server administration tools.
You will also need to grant the “papercut_svc” user full access to the PaperCut database (e.g. full access to read/updated tables and also to create and drop database tables.
Skip this section if you are running PaperCut 11.5 or newer (and continue with Configure PaperCut for SQL Server Windows authentication)
4.1. PaperCut versions 11.4 and earlier require an additional download: the jTDS SQL Server database driver package. This contains some DLLs required to use Windows Authentication with SQL Server. This can be downloaded from the jTDS project at the link below:
4.2. Save and extract the
jtds-1.2.5-dist.zip file to the server running PaperCut.
4.3. Copy the
x86\SSO\ntlmauth.dll file into PaperCut under the directory:
[app-path]\server\bin\win\lib (i.e. in the same directory as
4.4. If you are running the PaperCut 64-bit add-on pack (if you have not installed the 64-bit add-on pack, skip this step), you must ALSO copy the
x64\SSO\ntlmauth.dll file into PaperCut under the directory:
[app-path]\server\bin\win\lib64 (you will need to create the
lib64 directory). Then edit the file at
[app-path]\server\bin\win\win64.conf and add the following line to the end of the file:
5.1. Open the PaperCut
[app-path]\server\server.properties file in a text editor.
The connection settings need to be changed to enable Windows authentication, add
integratedSecurity=true to the connection string:
then remove the username (and password). If the username is not blank, “SQL Server” authentication will be used instead. Edit the server.properties file so that
database.username is empty. E.g.:
5.2. Save the configuration file.
5.3. Restart the service
PaperCut Application Server using the service control panel (Control Panel→Admin Tools→Services).
5.4. Test that PaperCut is working correctly by logging into the PaperCut admin interface.
Keywords: Microsoft SQL Server, Integrated Authentication, Windows Authentication