workplace applications installation/upgrade guide · internet explorer 7 or greater (ie 9 or...
TRANSCRIPT
WorkPlace Applications Installation/Upgrade Guide
Designed for WorkPlace 2016 and Greater (v16.00+)
Paramount Technologies Inc.
1374 East West Maple Road
Walled Lake, MI 48390-3765
Phone 248.960.0909 • Fax 248.960.1919
www.ParamountWorkPlace.com
W O R K P L A C E I N S T A L L A T I O N G U I D E
Copyright Copyright © 2016 Paramount Technologies. All rights reserved.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights
under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval
system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or
otherwise), or for any purpose, without the express written permission of Paramount Technologies.
Notwithstanding the foregoing, the licensee of the software with which this document was provided may
make a reasonable number of copies of this document solely for internal use.
Trademarks WorkPlace is a registered trademark of Paramount Technologies and is registered in the United States
and other countries. Microsoft, Microsoft Dynamics GP, Windows, Windows Server and Windows Vista
are either registered trademarks or trademarks of Microsoft Corporation or its affiliates in the United
States and/or other countries.
The names of actual companies and products mentioned herein may be trademarks or registered marks -
in the United States and/or other countries - of their respective owners. Unless otherwise noted, the
example companies, organizations, products, domain names, e-mail addresses, logos, people, places,
and events depicted herein are fictitious. No association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
Intellectual property Paramount may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Paramount, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
Warranty disclaimer Paramount Technologies disclaims any warranty regarding the sample code contained in this
documentation, including the warranties of merchantability and fitness for a particular purpose.
Limitation of liability The content of this document is furnished for informational use only, is subject to change without notice,
and should not be construed as a commitment by Paramount Technologies. Paramount Technologies
assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual.
Neither Paramount Technologies nor anyone else who has been involved in the creation, production or
delivery of this documentation shall be liable for any indirect, incidental, special, exemplary or
consequential damages, including but not limited to any loss of anticipated profit or benefits, resulting
from the use of this documentation or sample code.
License agreement Use of this product is covered by a license agreement provided with the software product. If you have
any questions, please call the Paramount Technologies Support at 800.725.4408 (in the U.S. or Canada)
or +1.800.725.4408.
Publication date July 2016
W O R K P L A C E I N S T A L L A T I O N G U I D E
Contents
PART 1: INTRODUCTION .................................................................................................................................. 5
Product Overview .................................................................................................... 5
What’s in this manual ............................................................................................... 6Symbols ................................................................................................................. 6
Before you contact support ....................................................................................... 6
PART 2: PREPARATION .................................................................................................................................... 7
Chapter 1: Three-Tiered Operating Environment ............................................................ 7
Chapter 2: Web Client System Requirements ................................................................ 7
Chapter 3: Web Server Recommendations .................................................................... 7
Chapter 4: Database Server Recommendations ............................................................. 8
Chapter 5: User Logins and Passwords ......................................................................... 9
User Authentication Options ...................................................................................... 9
Authentication Planning .......................................................................................... 10
Chapter 6: Requesting a WorkPlace License ................................................................ 12
Step 1: Generate the Info File ................................................................................ 12
Step 2: License Request Form ................................................................................. 14
Step 3: Submit Request ......................................................................................... 16
Step 4: Loading the License Certificate ..................................................................... 16
Chapter 7: Pre-Installation Checklist .......................................................................... 17
PART 3: WORKPLACE INSTALLATION ............................................................................................................. 18
Chapter 8: The WorkPlace Installation Wizard ............................................................. 18
Chapter 9: SQL Objects Installation ........................................................................... 21
Chapter 10: Scripting the Database Objects ................................................................ 23
Chapter 11: Web Objects Installation ......................................................................... 29
Chapter 12: Optional Windows Components ................................................................ 30
Chapter 13: Configuring your WorkPlace Website ......................................................... 33
Creating the Application Folder / Virtual Directory – Windows 2008.............................. 33
Creating the Virtual Directory – Windows 2003 .......................................................... 35
PART 4: ADDITIONAL SYSTEM CONFIGURATION ........................................................................................... 39
Chapter 14: Session User Setup ................................................................................ 39
Configuring using SQL Account ................................................................................ 39
Configuring using NT Pass-through .......................................................................... 39
Chapter 15: Specifying SQL Server Housing Company Databases .................................. 39
Chapter 16: Configuring User Authentication ............................................................... 39
SSO – Single Sign On Authentication ....................................................................... 39
SQL Authentication ................................................................................................ 44
SQLSHARED Authentication .................................................................................... 44
Active Directory / NT Authentication ........................................................................ 46
Active Directory / NTSHARED Authentication ............................................................. 47
Forms Authentication ............................................................................................. 50
Application Authentication ...................................................................................... 53
Chapter 17: Administrative User ................................................................................ 53
SSO Setup ............................................................................................................ 54
W O R K P L A C E I N S T A L L A T I O N G U I D E
Chapter 18: Crystal Report SQL User Account ............................................................. 54
Chapter 19: RFQ Vendor User ................................................................................... 55
Chapter 20: Date Format .......................................................................................... 55
Chapter 21: Session Timeout .................................................................................... 55
Chapter 22: Language Engine ................................................................................... 55
Chapter 23: Web Server Folder Security ..................................................................... 56
PART 5: LOGGING INTO WORKPLACE ............................................................................................................ 56
Chapter 24: Your WorkPlace URL ............................................................................... 56
APPENDIX A: WP AGENT UTILITY .................................................................................................................. 58
Uses ....................................................................................................................... 58
Configuration .......................................................................................................... 58
APPENDIX B: NOTES ON UPGRADING ........................................................................................................... 60
Upgrading from Previous WorkPlace Versions .............................................................. 60
General Notes ......................................................................................................... 60
APPENDIX C: UN-INSTALLING WORKPLACE .................................................................................................. 62
Remove the installed Web Objects ............................................................................. 62
Removing the installed SQL Databases ....................................................................... 62
Removing the installed Optional Windows Components ................................................. 62
APPENDIX D: DYNAMICS GP USERS .............................................................................................................. 63
Supporting GP 9+ Password encryption .................................................................... 63
Configuration .......................................................................................................... 63
Supporting GP 8 and earlier Password encryption ...................................................... 63
Configuration .......................................................................................................... 63
Functionality ........................................................................................................... 64
APPENDIX E: ENCRYPTING THE WEB.CONFIG ............................................................................................... 65
Encrypting Web.Config ............................................................................................. 65
Decrypting Web.Config ............................................................................................. 65
Microsoft Documentation for Encrypting and Decrypting Configuration Sections ............... 65
Encrypting a Web Configuration Section ................................................................... 65
Decrypting a Web Configuration Section ................................................................... 66
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 5 of 67
Part 1: Introduction
Use this manual to install and prepare Paramount Technologies WorkPlace Applications for use. Review the
introductory information about the resources available to you, and then use the WorkPlace Applications Checklist
as your guide to installing WorkPlace.
Product Overview
The Paramount WorkPlace Suite is built from the ground up for interoperability across heterogeneous
environments using open standards.
Paramount solutions will streamline your employee management and procurement processes, improve your
employee productivity and accelerate your business.
WORKPLACE EPROCUREMENT
Reduce direct and indirect purchasing costs, increase control over business transactions, and streamline the
employee management and procurement processes
WorkPlace eProcurement is a robust web-based eProcurement solution that allows organizations to automate the
complete procure-to-pay cycle – from product selection, requisitioning, approval and ordering to delivery, receipt
and financial settlement. The suite includes applications for requisitioning, PunchOut via cXML, check request,
budget compliance, RFQ, purchase order generation, receiving, invoice matching and vendor contract enforcement
with approval workflow throughout the entire process.
With an eProcurement solution in place, organizations empower their users throughout the enterprise:
Requesters get the convenience and efficiency of easy self-service for requisitions and check requests
Managers are able to manage by exception and accelerate approvals with automated workflow
Buyers can focus on building strategic supplier relationships to reduce costs
Payables maintains control over expenditures
Benefits
Eliminate error-prone paper-based processes
Reduce requisition-to-order costs and cycle time
Control maverick spending
Manage by exception - ensure that your purchases adhere to your policies
Ensure Sarbanes-Oxley compliance with a complete audit trail of transactions
Enable your procurement professionals to focus on strategic tasks
WORKPLACE PROJECT, TIME & EXPENSE
Automate the project lifecycle to improve resource utilization and streamline time & expense processing
Paramount Technologies’ project accounting solutions enable operational and financial management through project initiation, resource utilization, time and expense processing and earned value management. Via the
WorkPlace Project, WorkPlace Time, and WorkPlace Expense solutions, Paramount Technologies delivers web-
based, workflow-driven information for project and resource management.
Our solutions address the wide range of unique project accounting, financial management, billing and
procurement requirements in a multi-company, multicurrency environment. The success of a project-driven
business depends on the planning, managing and closing of projects in a timely, quality-focused and cost-effective
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 6 of 67
manner. Paramount Technologies’ solutions are designed to automate the project lifecycle, eliminate redundant data entry and provide visibility across the project portfolio and resource pool.
Benefits
Eliminate error-prone paper-based processes
Reduce requisition-to-order costs and cycle time
Control maverick spending
Manage by exception - ensure that your purchases adhere to your policies
Ensure Sarbanes-Oxley compliance with a complete audit trail of transactions
Enable your procurement professionals to focus on strategic tasks
What’s in this manual
This manual provides guidelines for installing and setting up your Paramount Technologies WorkPlace Applications
system. It lists the latest system requirements, contains a step-by-step guide through the installation process, gives
tips on troubleshooting, and describes initial setup procedures. The manual is divided into the following parts:
Part 2, Preparation, contains information about preparing your computers, network, and database
Part 3, WorkPlace Installation, describes how to install WorkPlace on your server and set up an account
framework.
Part 4, Additional System Configuration, describes how to configure WorkPlace.
Part 5, Enterprise Integration Application Connector, describes how to install and configure the EAIC
connector.
Part 5, Logging into WorkPlace, describes how to log on to your new installation of WorkPlace.
Symbols
The note symbol indicates helpful tips, shortcuts and suggestions.
The “i” symbol indicates situations you should be especially aware of when completing tasks.
Before you contact support
If you are experiencing a problem when installing WorkPlace Applications, have the answers ready to the following
questions to help your support specialist narrow down the source of the problem you’ve experiencing.
What is the exact error message?
When did the error first occur?
What task were you attempting to perform at the time the error message was displayed?
Has the task been completed successfully in the past?
What is the name of the window you are you working in?
What have you done so far to attempt to fix the problem?
Does the problem occur on another workstation?
What versions of software are you using?
Verify the version numbers for WorkPlace Applications, your Microsoft SQL Server, and Microsoft Windows®. Also
note service packs for each product.
Does the problem occur for the sa or System Administrator user?
Does the problem occur at the database server?
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 7 of 67
Part 2: Preparation
Chapter 1: Three-Tiered Operating Environment
WorkPlace is recommended for use with the three-tiered architecture model shown below. The WorkPlace
application resides on the Web Server (Front End), the Database resides on the SQL Server (Back End) and the
application is accessed from the Web Client.
Chapter 2: Web Client System Requirements
Paramount supports the following minimum client hardware requirements and server recommendations for
WorkPlace. (Note that the server recommendations are not the minimum server requirements.) The specific
hardware that you will need for your configurations depends on environmental factors. To achieve individual
performance expectations, you may need to increase these recommendations.
Component Requirements Notes
Browser Firefox version 3 or greater
Chrome version 16 or greater
Safari version 4 or greater
Internet Explorer 7 or greater
(IE 9 or greater recommended)
PDF Reader
For viewing WorkPlace reports
Browser based plug-in
Adobe Acrobat Reader(recommended if
using Internet Explorer)
Chapter 3: Web Server Recommendations
Actual requirements may vary depending on transaction volume, modules used and number of users.
Component Requirements Notes
Operating System Microsoft Windows 7 SP1
Microsoft Windows 8, 8.1
Microsoft Windows 10
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2008 R2 SP1
Microsoft Windows Server 2012
Microsoft Windows Server 2012 R2
It is recommended that the
Web Server is not the same
machine as the SQL Server. 32
and 64 bit is supported
WEB CLIENT
Setup Shortcut or IE Favorite
to launch WorkPlace
No installation or data
storage required
WEB SERVER
Houses WorkPlace Website
and Installation Folder
-- and (if required) --
EAIC Website and
EAICt Installation Folder
SQL SERVER
Houses WorkPlace Control
Database
and
Financial Application Company
Databases where SQL Objects
are installed
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 8 of 67
Component Requirements Notes
Microsoft Windows Vista SP2
Processor Dual Core or Multi-Processer, 2 Gigahertz
(GHz) or greater recommended
Storage 500 GB Hard Drive This space on the web server is
utilized for the .NET 4 Runtime,
Crystal Runtime and the
WorkPlace application.
Depending on number of users
and sizes of attachments more
storage may be necessary.
WorkPlace can be configured
to store attachments on a SAN
or other network drive to
reduce storage requirements
on the Web Server.
RAM 2 GB minimum (8 GB recommended)
Browser Firefox version 3 or greater
Chrome version 16 or greater
Safari version 4 or greater
Internet Explorer 7 or greater
(IE 9 or greater recommended)
Windows Internet
Information Services (IIS)
IIS 6.0 or greater
.NET Runtime Version 4.0 .NET Runtime version is
included with WorkPlace.
Provided as part of the WorkPlace installation Wizard:
Microsoft .NET framework
Crystal Reports 32bit and 64bit runtime engine
Chapter 4: Database Server Recommendations
Actual requirements may vary depending on transaction volume, modules used and number of users.
Component Requirements Notes
Database SQL Server 2016
SQL Server 2014
SQL Server 2012
SQL Server 2008 R2
SQL Server 2008
Enterprise, Standard, Web Editions
It is recommended that the
Web Server is not the same
machine as the SQL Server.
WorkPlace is both 32 and 64 Bit
compliant
Processor Dual Core
Multi-Processer recommended
Storage 500 GB Hard Drive Depending on number of users
and sizes of attachments, user
can store attachments on SAN
or other network drive to
reduce storage requirements.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 9 of 67
Component Requirements Notes
RAM 8 GB Minimum (16 - 32 GB recommended)
To ensure complete and proper module configuration inside of your Financial
Application, transactions within all required modules should be successfully processed
through to General Ledger Posting *PRIOR TO AND INDEPENDENT OF* the Paramount
WorkPlace module(s) installation.
Chapter 5: User Logins and Passwords
WorkPlace can be configured with any one of five modes of user authentication. See the chart below to select the
proper user authentication for your environment.
User Authentication Options
Option Details
SSO Single Sign On. This option allows for usage of 3rd party authentication services such as
Windows Live, Google and custom providers. When hosting WorkPlace in the cloud or in a
DMZ outside of the internal network this option can provide access to the local Active
Directory via Active Directory Federation Services (AFDS).
All SQL backend operations are performed using a shared user account. Under this option
the user names are the email addresses of the user.
SQL SQL Name and Password are used and passed directly through to the SQL Server. This
requires the user to be setup on the SQL server as a physical user and the user must have
access to all databases that WorkPlace requires access. It is recommended that the SQL
password encryption option is enabled in WorkPlace when using this method. Since the
users have access to the databases a user could use excel or other connectable
applications to access WorkPlace data if non-encrypted passwords are allowed.
SQLSHARED SQL Name and Password for authentication only. All backend SQL operations are
performed using a shared SQL user account. This method secures access to the physical
database as the user account does not have access to any of the physical databases. This
method is ideal in environments where other SQL applications are used and a shared SQL
name and password are desired.
NT The Active Directory user name that the user logged into Windows with (Integrated
Authentication) or the Active Directory user that was entered on the Basic Authentication
window (Non-Integrated Authentication) is simply passed through to the SQL Server. This
method as well as the SQL option both have the same drawbacks in that the user could
use an external application to get access to the SQL databases unless a firewall is enabled.
This method also suffers from the Double-Hop syndrome whereas the SQL Server, Web
Server and Client machines must all be enabled for delegation at the Active Directory level
as standard Kerberos authentication does not allow the client browser to authenticate to
the web server and then allow the web server to impersonate the credentials to the SQL
server.
NTSHARED The Active Directory user name that the user logged into Windows with (Integrated
Authentication) or the Active Directory user that was entered on the Basic Authentication
window (Non-Integrated Authentication) is used to identify the user to WorkPlace. The
SQL backend operations are all performed using a shared SQL account. This method is the
preferred model in larger organizations as the user cannot access the databases via
external applications and all password and account management is at the Active Directory
level. This option also eliminates the double-hop issue with Active Directory.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 10 of 67
Option Details
FORMS The Active Directory user name that the user logged into Windows with is used to
authenticate against the WorkPlace Web Server using IIS Forms Authentication. Once
authenticated against the web site, the user’s credentials are passed to the WorkPlace
solution which will authenticate against the application level security. All SQL backend
operations are all performed using a shared SQL account. This method is a preferred
model in larger organizations as the user cannot access the databases via external
applications and all password and account management is at the Active Directory level.
This option also eliminates the double-hop issue with Active Directory.
APP User accounts and passwords are managed by WorkPlace exclusively and all SQL backend
operations are performed using a shared user account. Under this option the user names
are the email addresses of the user. The key benefit with this method is that if users
forget their passwords they can simply click a “forgot password” button on the logon page
and reset their own passwords. This method is ideal for environments where account
management at the SQL or NT level is not ideal or empowering the user to manage their
own password cuts administrative overhead.
Authentication Planning
Before beginning installation of the WorkPlace application, you must determine which method of authentication
will be used. After making this choice, follow the steps in the appropriate section below:
SQL / SQL Shared Requirements
1. Create SQL Server logins and passwords in WorkPlace Security.
WorkPlace supports ENCRYPTED passwords when SQL User logins are created directly from
WorkPlace Security (for Help (F1) and activation, go to Maintenance Central System
Settings General tab)
For additional Sarbanes-Oxley compliance, WorkPlace has advanced password controls
available for SQL Server User Logins (for Help (F1) and activation, go to Maintenance Central Global Settings)
2. Create or use existing SQL User logins and passwords created in your Financial Application.
Register these users in WorkPlace Security.
See Appendix D for more information about registering Microsoft Great Plains / Dynamics
GP 9.x Users within WorkPlace.
3. Create or use existing SQL Server logins and passwords in MS SQL Server. Register these
users in WorkPlace Security.
4. If using SQL Shared then a special shared user account will need to be created that has
access to all the appropriate databases. This account will be referenced when you configure
the WorkPlace web.config.
Until users are set up in WorkPlace Security, ONLY user ‘sa’ or the administrative
user setup in the WorkPlace web.config file will be able to log into the application.
WorkPlace supports Dynamics GP 9+ password encryption. Refer to
Appendix ‘F’ of this guide for setup details.
NT / NT Shared Authentication Requirements
1. Create an NT WorkPlace User Group and make all WorkPlace users a member of this group.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 11 of 67
2. NT User names registered in WorkPlace Security must be preceded by the network domain name and
a back slash. For example: OURDOMAIN\jsmith.
3. If using NT Shared then a special shared user account will need to be created that has access
to all the appropriate databases. This account will be referenced when you configure the
WorkPlace web.config.
APP & SSO Authentication Requirements
1. Gather all the user email accounts that will be setup as WorkPlace users.
2. If using SSO then a special shared user account will need to be created that has access to all
the appropriate databases. This account will be referenced when you configure the
WorkPlace web.config.
FORMS Authentication Requirements
3. Confirm the client specific Active Directory Connection String that will be used to update the
web.config file.
4. Gather all the AD user names and email accounts that will be setup as WorkPlace users.
5. A special shared user account will need to be created that has access to all the appropriate
databases. This account will be referenced when you configure the WorkPlace web.config.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 12 of 67
Chapter 6: Requesting a WorkPlace License
To gain access to your WorkPlace application, you must first load a valid license certificate issued by Paramount
into the software. A valid license file can be obtained and loaded in four steps:
1. Generate and Save License Info file
2. Fill out License Request Form
3. Submit your License Info file and License Request Form to Paramount
4. Load your new License Certificate
All License Certificates have a predefined activation deadline. After the
deadline date, the certificate will no longer load into the application and a
new license will need to be requested.
Step 1: Generate the Info File
There are two methods of generating the License Info File:
Option A) Generate request from within WorkPlace. The License Info File can be generated and saved from within
WorkPlace: Maintenance Central System Settings General Tab Change License Certificate button
CLICK “Retrieve License Request Information” hyperlink
Select Save and make note of the folder where you save your new License Info file.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 13 of 67
Option B) Generate Info File from external utility
Locating the License Information Collector
Download this utility program from the WorkPlace Customer Area website.
1. Click ‘Request a License Certificate’2. Download the ‘License Information Collector’ to the machine you will use as the WorkPlace
web server
Before Running the License Information Collector
Make sure the SQL Server where the company data will resides is running.
IMPORTANT: The .NET Framework Run-Time v2 or greater must be installed on the web server
PRIOR to running the License Information Collector. If needed, a copy of the appropriate .NET
Framework can be installed using the WorkPlace Installation Wizard (‘Optional Windows
Components’ button).
IMPORTANT: The License Collector program MUST be physically located on the WorkPlace web
server and you MUST run it on the WorkPlace web server ONLY!!
If either of the two conditions above are not met, the License Information Collector
or any license you receive from Paramount will not operate properly.
Running the License Information Collector
The License Information Collector program is a single screen (as shown below). Enter all required information into
the form:
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 14 of 67
Select ‘Save License Request to Disk’ and note the folder where you save your License Info File.
Note: If you do not select ‘Save License Request to Disk’, you will not be
able to complete the license request process as outlined below.
Step 2: License Request Form
a) Go to the WorkPlace Customer Area website http://www.paramounttechnologies.com
b) Click ‘Request a License Certificate’c) Fill out License Request Form (Example below, settings may vary)
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 15 of 67
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 16 of 67
Step 3: Submit Request
a) Verify you have attached the License Info File
b) Click ‘Submit Request’
Step 4: Loading the License Certificate
Once you receive your license certificate log into WorkPlace as the System Administrator. Upon the initial login to the application after installing or upgrading, you will be required to load a new license certificate:
License Certificate Maintenance Form (your WorkPlace version number may differ):
The page above can also be located within the WorkPlace menu system:
Maintenance Central System Settings General Tab Change License Certificate button
1. Type in or Browse to the location that the License Certificate was saved to
2. Click “Load License Certificate”3. A confirmation window will appear
4. Press the ‘Continue to Re-Log On’ button and login to WorkPlace
After reading this chapter, if you are still having difficulties, please phone your
VAR or contact Paramount at: [email protected] or
248.960.0909
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 17 of 67
Chapter 7: Pre-Installation Checklist
□ Microsoft SQL Server - Installed and configured
□ Financial Application and Databases – Installed and configured
□ Authentication mode chosen: Active Directory/NT, Application, or SQL Server
□ Web server Machine/operating environment – Installed and configured, including:
1. Internet Information Services (IIS)
2. .Net Framework v4
3. All other components listed previously under “Web Server Machine Specifications.”4. Windows Active Directory NT/NT Shared Authentication ONLY – complete steps in the
‘Network/Domain Configuration’ section of this guide
□ WorkPlace License Certificate file in-hand (.lic extension)
□ Paramount’s WorkPlace Installation Wizard software
Download files from WorkPlace Customer Area website.
□ Read the Release Notes for the current version of WorkPlace (available on the Customer Area
website). Make note of any additional instructions.
□ CREATE BACKUPS:
1. Financial Application: Control Database and ALL Company Databases
2. Upgrade ONLY: Backup the WorkPlace web.config file and any modified Crystal Reports.
□ Determine the location for your ‘WorkPlace Web Server Installation Folder’
In a live/production environment, running the WorkPlace web server and MS SQL
Server services on the same machine is NOT recommended. These servers should be set up
on separate machines for optimum performance.
ALSO, this document does not include detailed installation or configuration instructions for
Microsoft IIS Web Server and SQL Server. For this type of information, please refer to the
reference manuals and online resources provided by Microsoft.
IMPORTANT: The instructions in Chapter 3 will guide you step by step through the process of installing the
WorkPlace Application in a demonstration, test, or production environment. Please follow all instructions in the
order listed unless otherwise noted. If UPGRADING, Please read Appendix B next. PLEASE READ ALL
INSTRUCTIONS BEFORE PROCEEDING.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 18 of 67
Part 3: WorkPlace Installation
All steps must be completed for a first-time installation; steps that can be omitted
in an upgrade are noted throughout this document and in Appendix B.
Chapter 8: The WorkPlace Installation Wizard
This Wizard is a graphical software interface that automatically guides you step by step through the WorkPlace
installation process.
Before starting the Installation Wizard
Close all currently running applications. Be certain that the MS SQL Server Database instance for your Control and
Company Database is running before you proceed. The Install Wizard needs to read and write to these databases in
order to install properly.
Launching the Wizard from a CD
Insert the WorkPlace Product CD into the drive located on the web server. If the CD drive is configured for
autoplay/autorun, the CD will start the Installation Wizard automatically. If the CD does not start automatically, select
StartRun and browse to the CD drive where the WorkPlace Installation CD has been inserted. Select the Setup.exe,
then OK from the Run menu and installation will begin.
Launching the Wizard from a ZIP archive
Extract the ZIP archive to your web server with the setting “include folder names.” A folder named after the WorkPlace
version number will be created with all necessary installation files. Inside that folder, double click Setup.exe to launch
the installation wizard.
The install code ZIP archive must be saved and extracted onto the web server. ALL
installation executables must be saved on launched on the web server ONLY!
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 19 of 67
In the Paramount Installation Wizard Window, click Next to proceed with the installation process.
In the License Agreement Window, carefully read the Paramount License Agreement. Select YES if you agree
to the terms of the Agreement and proceed with the installation process.
If you do not agree, select CANCEL and contact Paramount either by phone
248.960-0909 or by email at [email protected].
If you selected YES to the License Agreement the following screen appears, this is the Main Installation Window.
The steps appear in necessary completion order. As steps in the process are completed, you will automatically be
returned to this main window to begin the next step.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 20 of 67
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 21 of 67
Chapter 9: SQL Objects Installation
Before proceeding with SQL Object installation or Upgrade, be certain that
a recoverable backup has been made of your control and company databases.
1. In the Main Installation Window, select the SQL Objects button. This step is required for both initial set up and
upgrades.
The SQL Server must already be installed, configured and have all Control and Company Databases installed. Close all currently running applications (not including services).
2. Select the components to be installed by clicking the checkbox next to the desired components. If the .NET
Framework is already installed, it is recommended that you un-check that box and do not reinstall it.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 22 of 67
3. Destination folder: By default, the components will be installed to the C:\ drive of the local machine under
C:\ProgramFiles\WorkPlace\SQL or C:\Program Files (x86)\WorkPlace\SQL on a 64 bit OS. To change the
default installation folder, use the BROWSE button to navigate to the desired destination folder on the SQL
Server.
4. Select NEXT to proceed.
If the Default location of the web server installation folder is changed, be certain to make a note of the path to your installation folder location.
5. Review the settings and Select NEXT to continue if you are satisfied with the settings.
6. The SQL Objects and the PTI SQL Objects installer are copied to the destination folder.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 23 of 67
7. Select FINISH to begin the next phase of the installation process. Leave Launch PTI Installer checked to
continue on to next step.
Chapter 10: Scripting the Database Objects
Once the WorkPlace SQL Objects are unpacked and copied to the destination folder, they must be scripted into the
Company database(s) by our SQL Installer .NET utility program. To continue the installation process directly from
the Installation Wizard, page above, leave the ‘Launch PTI Installer’ box checked and click FINISH. The main installation window will reappear briefly, and then the .NET Installer will be launched automatically.
Database scripting must be performed for ALL installation types (Demonstration,
Test or Production (fresh Install) or Upgrade from prior version).
If you have closed out of the Installation Wizard and need to resume the installation process at this point, go to the
Windows Start Menu on your web server and select “SQL Installer .NET” under “All Programs.”
1. On the Connect to SQL screen, type in the correct path to the appropriate SQL Server database instance or
select it from the drop down menu or browse button. Choose the authentication method for the installer
program. NOTE that this choice is totally unrelated to how users will be authenticated when logging into
WorkPlace. ‘sa’ will default as the Login name for SQL authentication. If your DBO user login is not ‘sa’, enterthe appropriate login, password, and then select NEXT to continue
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 24 of 67
2. Select Dynamics GP as the WorkPlace Platform and Select NEXT to continue
3. In the Select Company Database(s) window, select the Microsoft Dynamics GP Control Database (i.e.
DYNAMICS). Simply check all Dynamics GP company databases that WorkPlace is to be installed against and
select NEXT to continue.
4. The installer command file ‘WorkPlace.xml’ determines which ‘module specific’ pages follow as the installer
continues to run. The default path is usually correct and should point to the folder where you initially
unpacked the WorkPlace SQL Objects. Select NEXT to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 25 of 67
5. Specify the ‘Installation Type’ by clicking the circle to the left of the desired option.
Each of these options upgrades the WorkPlace SQL Objects to the version that came with
the Installation Wizard. The difference between these options is the effect on data held in
the tables created by WorkPlace:
UPGRADE – leaves WorkPlace data UN-changed and scripts all objects and permissions.
PRODUCTION – empties all WorkPlace data tables. The first time WorkPlace is installed to a
company database, this option must be chosen.
DEMONSTRATION - empties all WorkPlace data tables AND loads in sample data that may
be helpful for sales demonstrations.
None of the Installation types will affect data in Control database tables.
Select NEXT to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 26 of 67
6. Select your Financial Application Version Number and select NEXT to continue.
7. Indicate the WorkPlace modules you have purchased by checking the boxes to the left of each appropriate
option. You may select multiple options. After clicking next a series of other options will be available for
different types of integrations and options. It’s important to select only what is valid in your environment and
for what you have licensed. Certain combinations should not be performed, for example if you install
Requisition you should not select both the WennSoft Job/Service and the Great Plains Project Accounting
Interface. Continue to click NEXT until all the options screens are answered.
8. The default options should be used for this page, Select NEXT to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 27 of 67
9. Select Start to begin scripting; this process may take a few minutes.
The installation of each script is listed as they are installed to the database. Each time the installer is run,
a log file is created and saved in the /Log subdirectory of the folder to which the SQL Objects were
unpacked.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 28 of 67
2. SQL Objects are now installed.
A log file is generated in the installation folder while the SQL
Installer is scripting the database objects.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 29 of 67
Chapter 11: Web Objects Installation
The web server machine’s operating environment must already be prepared and configured prior to installing the WorkPlace application’s Web Objects.
The installation of Web Objects is performed for BOTH fresh installs and Upgrades.
If you are UPGRADING – navigate to the Web Folder where WorkPlace was initially
installed. You must rename or print the web.config file for reference in configuring the
new web.config that will replace it during the upgrade. You should also backup any
reports that you have customized as you will have to re-copy those back in after the
upgrade.
1. Select the WEB OBJECTS button to begin installation of the WorkPlace Web Components
2. Accept the default location C:\Program Files (86)\WorkPlace, or replace the default location by typing over it
or using the BROWSE button to choose a destination folder location. Select NEXT to continue the installation
of the Web Objects
If the default installation location is changed, be sure to make note of the new
installation folder’s location. If UPGRADING, be certain that your original installation folder is selected AND that you copy, rename, or print your existing web.config file before
proceeding.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 30 of 67
3. Verify the settings before the files are copied to the local drive. Select NEXT to start copying files.
4. Select the FINISH button to return to the main installation window
Chapter 12: Optional Windows Components
All of the Optional Windows Components must be installed on the web server in order for WorkPlace to run
properly. Do not reinstall these programs if the same or a newer version already exists on your web server. To
install any of these components, select the OPTIONAL WINDOWS COMPONENTS Button on the main Installation
Wizard screen.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 31 of 67
If any components have been installed previously, they need not be selected when running the WorkPlace
installation wizard.
Periodically these components are updated in future versions of WorkPlace so it is important to make sure that these
exact versions of the components are installed. If you are in question simply install the components and they will tell you if
they are installed or not.
1. Select the components you wish to install and select NEXT to continue.
2. Verify the components to be installed and Select NEXT to continue. The installation wizard will run the setup
programs for any components you have selected.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 32 of 67
3. You have now completed all set up processes performed by the Installation Wizard! Click
Finish to go back to the main installation area.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 33 of 67
Chapter 13: Configuring your WorkPlace Website
This step is required for a first time installation; it may be skipped when upgrading. A WorkPlace web site must
be configured for each SQL Server where your Financial Application is installed i.e. TEST SQL Server instance vs.
Live SQL Server Instance. The previous Sections in this manual must be completed prior to configuring your
WorkPlace website.
Microsoft Business Portal: For additional required steps when installing
WorkPlace on the same machine with Business Portal, please refer to the
“Installing WorkPlace alongside Business Portal” document (available for download from the Paramount Customer Area) BEFORE proceeding.
Creating the Application Folder / Virtual Directory – Windows 2008
Open the Internet Information Services (IIS) by navigating to Start Settings Control Panel
Administrative Tools Internet Information Services (IIS) Manager. Once open right mouse click on
Applications Pools and select Add Application Pool…
On the Add Application Pool screen enter a name for the pool such as “WorkPlace”, then select “.NET Framework v4.0.30319” and finally select “Classic” as the Managed pipeline mode. Leave the “Start application pool immediately” checked and click OK.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 34 of 67
Now that the Application Pool is created we need to create the Application folder for WorkPlace and tie it to
this newly created Application Pool. To create the Application folder right mouse click on the Web Site that is
to contain the Application folder, in this example we are putting it on the Default Web Site. Click Add
Applcation…
From the Add Application screen enter the Alias that will be used from the web browser to access WorkPlace,
in this example we are using “WorkPlace”. Next select the Application pool “WorkPlace” that was created in step 2. Finally enter the folder where the WorkPlace web objects were installed, the default installation folder
“C:\Program Files (x86)\WorkPlace”. After this information is entered click OK.
WorkPlace is now configured for access. To test out access simply open a web browser and type in the url for
the web browser machine name along with the Application folder that we just configured, i.e.,
http://mywebserver/WorkPlace.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 35 of 67
Creating the Virtual Directory – Windows 2003
Open the Internet Information Services (IIS) by navigating to Start Settings Control Panel
Administrative Tools Internet Information Services (IIS) Manager. Once open right mouse click on
Applications Pools and select New and then Application Pool…
On the Add New Application Pool screen enter a name for the pool such as “WorkPlace”. Leave the “Use default settings for new application pool” checked and click OK
Now that the Application Pool is created we need to create the Virtual Directory for WorkPlace and tie it to
this newly created Application Pool. To create the Virtual Directory right mouse click on the Web Site that is to
contain the Virtual Directory, in this example we are putting it on the Default Web Site. Select New and then
Virtual Directory…
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 36 of 67
The Virtual Directory Creation Wizard will now appear, click Next to configure the Virtual Directory. Now
enter the Alias for WorkPlace, in our example we defined this as WorkPlace (this alias is how WorkPlace will be
accessed from the web browser). Click Next to continue.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 37 of 67
Now enter the folder where the WorkPlace web objects were installed, the default installation folder
“C:\Program Files (x86)\WorkPlace”. After this information is entered click Next.
From the Virtual Directory Creation Wizard select “Read” and “Run scripts (such as ASP)” and click Next.
The Virtual Directory is now created, click Finish.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 38 of 67
Now we need to tie the Application Pool to the Virtual Directory. Right mouse click on the WorkPlace Virtual
Directory and select Properties.
From the Properties window select the Application pool that we created in step 2.
WorkPlace is now configured for access. To test out access simply open a web browser and type in the url for
the web browser machine name along with the Application folder that we just configured, i.e.,
http://mywebserver/WorkPlace.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 39 of 67
Part 4: Additional System Configuration
Chapter 14: Session User Setup
In order for WorkPlace to maintain state between web pages a user defined connection string is available in the
web.config to direct WorkPlace to the proper SQL Server along with account information to access to the state
database tables.
It is recommended to use a special SQL user account for session management, if using the NT authentication
model you have the option of using pass-through for this setting. Even under the NT authentication model It is
still recommended to use a SQL account for access.
Configuring using SQL Account
1. Create the SQL session user account in SQL Server and set the default database to “PTIMaster” and fromwithin “PTIMaster” give this SQL user account full control on the “PTINETSessionHdr” and “PTINETSessionDtl”tables.
2. Open the web.config and specify this user account and the SQL Server name that holds the “PTIMaster”database. The section that holds this information is the “SessionSQLConnectionString”.
<add key="SessionSQLConnectionString" value="Password=J*&%$@12;Persist Security Info=false;User
ID=PTINETSessionUser;Initial Catalog=PTIMaster;Max Pool Size=500;Data Source=sqlserver\instance1"/>
Configuring using NT Pass-through
Configure an Active Directory group for use with WorkPlace and then add all users that will access WorkPlace
to this group. Now on the SQL Server add this group and set the default database to “PTIMaster” and from within “PTIMaster” give the group full control on the “PTINETSessionHdr” and “PTINETSessionDtl” tables.
Open the web.config and use the connection string specified below and specify the SQL Server name that
holds the “PTIMaster” database. The section that holds this information is the “SessionSQLConnectionString”.
<add key="SessionSQLConnectionString" value=" Integrated Security=SSPI;Persist Security Info=False;Initial
Catalog=PTIMaster;Max Pool Size=500;Data Source=sqlserver\instance1"/>
Chapter 15: Specifying SQL Server Housing Company Databases
The SQL Server housing the company databases for WorkPlace must be specified in the web.config. Simply open
the web.config and find the section “ServerName” and set the value to your SQL Server’s name and instance.
<add key="ServerName" value="sqlserver\instance1”/>
Chapter 16: Configuring User Authentication
There are seven user authentication options available; following will list each option and the required setup for
each.
SSO – Single Sign On Authentication
Third party authentication (Windows Live, Google, ADFS and custom providers) is used to access the WorkPlace
web site and is subsequently linked to a valid WorkPlace User account based on the users email address. Under
this security model all WorkPlace User Names must be the users valid email account. Since the SSO only
authenticates the user to WorkPlace, WorkPlace requires the Shared SQL account to be setup and configured – this
account is used for all database access.
1. Specify SSO in the web.config section “ServerAuthenticationType”.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 40 of 67
<add key="ServerAuthenticationType" value="SSO"/>
Uncomment the 3 sections in the web.config within the blocks: SSO Config Section 1, SSO Config Section 2 and
SSO Config Section 3.
In the SSO Config Section 1 there are a few settings that need to be filled in based on your SSO setup – see
them highlighted below. Replace the value http://localhost/workplace/ with a valid external URL for access to
WorkPlace, this value will also be specified as the Relying Party Application in the SSO Access Control Service
(this is outside of WorkPlace and in some instances will be obtained from Azure Access Control Services). The
next value we need to specify is the certificate information for the Token Signing Certificate, this will be
specified in the trusedIssuers section and in our example is obtained from the Azure Access Control Service ->
Service Settings -> Certificate and Keys meu option. Finally we need to set the issuer and the realm, the ream
will be already be set from a prior setup, the issuer comes PassiveRequestorEndpoint->Address element from
the WS-Federation Metadata file (see screen shots below for examples). … <system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost/workplace/"/>
</audienceUris>
<issuerNameRegistry
type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry,
System.IdentityModel, Version=4.0.0.0, Culture=neutral,
PublicKeyToken=b77a5c561934e089">
<trustedIssuers>
<add thumbprint="A39AE26FADEEB1C9F0E618727570D776DB97DF15"
name="pticorp.accesscontrol.windows.net" />
</trustedIssuers>
</issuerNameRegistry>
<certificateValidation certificateValidationMode="None"/>
</identityConfiguration>
</system.identityModel>
<system.identityModel.services>
<federationConfiguration>
<cookieHandler requireSsl="false"/>
<wsFederation passiveRedirectEnabled="true"
issuer="https://pticorp.accesscontrol.windows.net/v2/wsfederation"
realm="http://localhost/workplace/" requireHttps="false"/>
</federationConfiguration>
</system.identityModel.services>
…
WINDOWS AZURE RELYING PARTY APPLICATION SETUP
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 41 of 67
AZURE ACCESS CONTROL SERVICE TOKEN SIGNING CERTIFICATE AND KEY
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 42 of 67
AZURE WS-FEDERATION METADATA URL DOWNLOAD LINK
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 43 of 67
AZURE FEDERATIONMETADATA.XML
If using a SSO Identity Provider other than Windows Live or ADFS you will need to specify the claim type used
to define the unique attribute for the authenticated user. This value goes into the SSOClaimType4UniqueID
section in the web.config. For multiple Identify Providers simply specify the additional claim types with semi-
colon delimeter.
DEFAULT ENTRY IN WEB.CONFIG FOR WINDOW LIVE AND ADFS <add key="SSOClaimType4UniqueID"
value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier;http://schemas.m
icrosoft.com/ws/2008/06/identity/claims/windowsaccountname"/>
When using the WorkPlace Agent or the WorkPlace OTG Server it is recommended (not required) to restrict
the IP access as these two pages fall outside of the SSO authentication process. The IP address for the
WorkPlace Agent should be the IP Address where the WP Agent Service or .EXE is being run. The IP address for
the WP OTG Server should be the IP address that is hosting the WP OTG Server web site.
Since all Database Access is being done by the shared user account we need to configure that now by setting
up a SQL user account for ALL backend queries to run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to
specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 8, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder in the
WPEncrypt folder. To use this utility simply go to a command line and type the following, replace the value
with the SQL user accounts password and type anything you wish into the key value. Once run you get the
encrypted password outputted to the screen and there is also a Encrypted.txt file that is generated with the
encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 44 of 67
Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
SQL Authentication
SQL Name and Password are used and are passed directly through to the SQL Server. This requires the user to be
setup on the SQL server as a physical user and the user must have access to all databases that WorkPlace requires
access. It is recommended that the SQL password encryption option is enabled in WorkPlace when using this
method. Since the users have access to the databases a user could use excel or other connectable applications to
access WorkPlace data if non-encrypted passwords are allowed.
Specify SQL in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="SQL"/>
When using SQL 2005 or greater WorkPlace can honor the SQL Server Password policies by enabled the
“EnforceSQLPasswordPolicyAndExpiration” section in the web.config.
<add key="EnforceSQLPasswordPolicyAndExpiration" value="ON"/>
In order to encrypt the SQL passwords when “EnforceSQLPasswordPolicyAndExpiration” is on the setting “EnforceSQLPasswordEncryption” must also be set to “ON”
<add key="EnforceSQLPasswordEncryption" value="ON"/>
To enable users to change their SQL passwords from within WorkPlace set the “ChangePassword” setting in the web.config to “ON”
<add key="ChangePassword" value="ON"/>
SQLSHARED Authentication
SQL Name and Password for authentication only. All backend SQL operations are performed using a shared SQL
user account. This method secures access to the physical database as the user account does not have access to
any of the physical databases. This method is ideal in environments where other SQL applications are used and a
shared SQL name and password are desired.
Specify SQLSHARED in the web.config section “ServerAuthenticationType”.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 45 of 67
<add key="ServerAuthenticationType" value="SQLSHARED"/>
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to
encrypt the password go to step 6, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder in the
WPEncrypt folder. To use this utility simply go to a command line and type the following, replace the value
with the SQL user accounts password and type anything you wish into the key value. Once run you get the
encrypted password outputted to the screen and there is also a Encrypted.txt file that is generated with the
encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Copy the value outputted from Step 6 into the “SharedPasswordEncrypted” section, also specify the key used
in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
When using SQL 2005 or greater WorkPlace can honor the SQL Server Password policies by enabled the
“EnforceSQLPasswordPolicyAndExpiration” section in the web.config.
<add key="EnforceSQLPasswordPolicyAndExpiration" value="ON"/>
In order to encrypt the SQL passwords when “EnforceSQLPasswordPolicyAndExpiration” is on the setting “EnforceSQLPasswordEncryption” must also be set to “ON”
<add key="EnforceSQLPasswordEncryption" value="ON"/>
To enable users to change their SQL passwords from within WorkPlace set the “ChangePassword” setting in the web.config to “ON”
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 46 of 67
<add key="ChangePassword" value="ON"/>
Active Directory / NT Authentication
The Active Directory user name that the user logged into Windows with (Integrated Authentication) or the Active
Directory user that was entered on the Basic Authentication window (Non-Integrated Authentication) is simply
passed through to the SQL Server. This method as well as the SQL option both have the same drawbacks in that
the user could use an external application to get access to the SQL databases unless a firewall is enabled. This
method also suffers from the Double-Hop syndrome whereas the SQL Server, Web Server and Client machines
must all be enabled for delegation at the Active Directory level as standard Kerberos authentication does not allow
the client browser to authenticate to the web server and then allow the web server to impersonate the credentials
to the SQL server.
Specify NT in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="NT"/>
Set the “authentication” mode to “Windows” in the web.config
<authentication mode="Windows"/>
Set the “identity” impersonate to “true” in the web.config
<identity impersonate="true"/>
Remove the Anonymous access from the Application Folder / Virtual Directory and check the Basic or
Windows/Integrated authentication checkboxes.
Windows 2008 Screen Shot
Configure an Active Directory group for use with WorkPlace and then add all users that will access WorkPlace
to this group. Now on the SQL Server add this group and give this group permission to the PTIMaster, all
Control databases (example: DYNAMICS), and to ALL Company databases that WorkPlace is installed to.
Within each of these databases give the group access to the PTIWorkPlaceAdmin role.
Configure the Windows Management Instrumentation (WMI) Control. From the Web Server go to Start
Control Panel Administrative Tools Computer Management. Open the Service and Applications group.
Right-click on the WMI Control and select Properties.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 47 of 67
Go to the Security tab and open the Root group and then highlight the CIMV2 folder and click the Security
button.
Add your Active Directory group. Check both the ‘Enable Account’ and ‘Remote Enable’ in the lower ‘Permissions’ pane. Click Advanced and highlight the group you just added. Click Edit. In the ‘Apply onto’ drop-
down, change the setting to "This namespace and subnamespaces". Click ‘OK’ on all the open dialogs to complete.
Reboot the Web Server to invoke changes.
Active Directory / NTSHARED Authentication
The Active Directory user name that the user logged into Windows with (Integrated Authentication) or the Active
Directory user that was entered on the Basic Authentication window (Non-Integrated Authentication) is used to
identify the user to WorkPlace. The SQL backend operations are all performed using a shared SQL account. This
method is the preferred model in larger organizations as the user cannot access the databases via external
applications and all password and account management is at the Active Directory level. This option also eliminates
the double-hop issue with Active Directory.
Specify NTSHARED in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="NTSHARED"/>
Set the “authentication” mode to “Windows” in the web.config
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 48 of 67
<authentication mode="Windows"/>
Set the “identity” impersonate to “true” in the web.config
<identity impersonate="true"/>
Set the "SessionSQLConnectionString" using SQL Account. See Chapter 13: Session User Setup - Configuring
using SQL Account.
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder in the
WPEncrypt folder. To use this utility simply go to a command line and type the following, replace the value
with the SQL user accounts password and type anything you wish into the key value. Once run you get the
encrypted password outputted to the screen and there is also a Encrypted.txt file that is generated with the
encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
Remove the Anonymous access from the Application Folder / Virtual Directory and check the Basic or
Windows/Integrated authentication checkboxes.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 49 of 67
Windows 2008 Screen Shot
Configure an Active Directory group for use with WorkPlace and then add all users that will access WorkPlace
to this group.
Configure the Windows Management Instrumentation (WMI) Control. From the Web Server go to Start
Control Panel Administrative Tools Computer Management. Open the Service and Applications group.
Right-click on the WMI Control and select Properties.
Go to the Security tab and open the Root group and then highlight the CIMV2 folder and click the Security
button.
Add your Active Directory group. Check both the ‘Enable Account’ and ‘Remote Enable’ in the lower ‘Permissions’ pane. Click Advanced and highlight the group you just added. Click Edit. In the ‘Apply onto’ drop-
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 50 of 67
down, change the setting to "This namespace and subnamespaces". Click ‘OK’ on all the open dialogs to complete.
Reboot the Web Server to invoke changes.
Forms Authentication
The Active Directory user name that the user logged into Windows with is used to authenticate against the
WorkPlace Web Server using IIS Forms Authentication. Once authenticated against the web site, the user’s credentials are passed to the WorkPlace solution which will authenticate against the application level security. All
SQL backend operations are all performed using a shared SQL account. This method is a preferred model in larger
organizations as the user cannot access the databases via external applications and all password and account
management is at the Active Directory level. This option also eliminates the double-hop issue with Active
Directory.
Specify FORMS in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="FORMS"/>
Set the “authentication” mode to “Forms” in the web.config
<authentication mode="Forms"/>
Set the "SessionSQLConnectionString" using SQL Account. See Chapter 13: Session User Setup - Configuring
using SQL Account.
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to
specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder in the
WPEncrypt folder. To use this utility simply go to a command line and type the following, replace the value
with the SQL user accounts password and type anything you wish into the key value. Once run you get the
encrypted password outputted to the screen and there is also a Encrypted.txt file that is generated with the
encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 51 of 67
Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.
<add key="SharedPasswordEncrypted"
value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>
<add key="SharedPasswordEncryptKey" value="cookiejar"/>
There are 3 additional sections in the web.config file specific to FORM Configuration. Each begins with “START: FORM” and will need to be uncommenting and updated as outlined below.
Update FORM Config Section 1 with the customer specific Active Director Connection String.
<!-- START: FORM Config Section 1 -->
<!-- * Add your Active Directory to authenticate against. -->
<location path="Central/LoginAction.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="Central/WPAgent.aspx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<location path="OTG/OTGMain.asmx">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<connectionStrings>
<add name="ADConnectionString"
connectionString="LDAP://domain.mycompany.com/CN=Users,DC=domain,DC=mycompany,DC=com"/
>
</connectionStrings>
<!-- END: FORM Config Section 1 -->
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 52 of 67
Update FORM Config Section 2 with the AttributeMapUIsername which will be one of 2 options;
sAMAccountName: The active Directory ‘User Logon Name’ (pre-Windows 2000) with no domain
which would be used as the Login Name in WorkPlace Security (i.e. aduser).
userPrincipalName: The active directory ‘User Logon Name’ with the domain email which would be
used as the Login Name in WorkPlace Security (i.e. [email protected]).
<!-- START: FORM Config Section 2 -->
<authorization>
<deny users="?"/>
<allow users="*"/>
</authorization>
<membership defaultProvider="MyADMembershipProvider">
<providers>
<!--attributeMapUsername values: "sAMAccountName" which would be the
account name such as jsmith, and "userPrincipalName" which is
would be UserName@DomainName or
<add name="MyADMembershipProvider"
type="System.Web.Security.ActiveDirectoryMembershipProvider,
System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"
connectionStringName="ADConnectionString"
attributeMapUsername="sAMAccountName"
/>
</providers>
</membership>
<!-- END: FORM Config Section 2 -->
Update FORM Config Section 3 by removing the comment tags to appear as below. No other updates are
required.
<!-- START: FORM Config Section 3 -->
<forms name=".ADAuthCookie" timeout="10" loginUrl="~/Central/Login.aspx"
defaultUrl="~/"/>
<!-- END: FORM Config Section 3 -->
Update the WorkPlace Application Folder / Virtual Directory to enable Anonymous and Forms Authentication.
All other settings should be disabled.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 53 of 67
Application Authentication
User accounts and passwords are managed by WorkPlace exclusively and all SQL backend operations are
performed using a shared user account. Under this option the user names are the email addresses of the user.
The key benefit with this method is that if users forget their passwords they can simply click a “forgot password” button on the logon page and reset their own passwords. This method is ideal for environments where account
management at the SQL or NT level is not ideal or empowering the user to manage their own password cuts
administrative overhead.
Specify APP in the web.config section “ServerAuthenticationType”.
<add key="ServerAuthenticationType" value="APP"/>
Configure a SQL user account as the account that ALL backend queries will be run under.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceAdmin role.
Specify the SQL user account in the web.config in the “SharedUserName” section.
<add key="SharedUserName" value="WPSharedUser"/>
Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to
specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.
<add key="SharedPasswordClear" value="shareduserpassword"/>
To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder in the
WPEncrypt folder. To use this utility simply go to a command line and type the following, replace the value
with the SQL user accounts password and type anything you wish into the key value. Once run you get the
encrypted password outputted to the screen and there is also a Encrypted.txt file that is generated with the
encrypted password.
WPEncrypt.exe value=" shareduserpassword" key="cookiejar"
Chapter 17: Administrative User
The administrative user defined in the web.config will grant access to WorkPlace even if the user is not configured
in WorkPlace. This user does not go against the licensed user account and allows limited access to certain
WorkPlace functions such as Security and Setting Settings.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 54 of 67
Specify the administrative users login name in the web.config section “AdministrativeUser”. For Active Directory specify the domain prefix.
<add key="AdministrativeUser" value="mydomain\jsmith"/>
SSO Setup
To initially get into WorkPlace with SSO enabled you have to do one of two things. One you can setup WorkPlace
for another authentication method and then configure the WorkPlace user account and setup the default SMTP
server settings. Then flip the authentication over to SSO and then follow the dialogs to assication your SSO account
with WorkPlace. The other method involves manually setting up this account which is detailed below.
1. Navigate manually to http://www.mydomain/WorkPlace/Central/SSOInfo.aspx (replace the domain
and folder with your valid specific values). From this page you get the value for the unique identifier
and the identity provider.
SSOINFO.ASPX
2. Use the values from step 1 and insert a manual record with this information into the PTISecuritySSO
table that is within the PTIMaster database.
INSERT INTO PTISecuritySSO (idfEmail,idfFlagActivated,idfIdentityProvider,idfIdentityUniqueID)
VALUES ('[email protected]',1,'uri:WindowsLiveID','8tsPDrj9x8nhfjbi0qkYvF0zBqXsZ0+i7bjo6L9FVl8=')
Chapter 18: Crystal Report SQL User Account
If using Active Directory / NT Pass-through or are using any options in the
SQLPasswordEncryptionExtendedSupport setting such as “GRPCONNECT” then the following steps will need to be
performed.
Configure a SQL user account for running the Crystal Reports queries.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceRFQVndAccess role.
Update the web.config settings “ReportUserName” and “ReportPassword” with the SQL user account that was just configured.
<add key="ReportUserName" value="WPCrystalUser"/>
<add key="ReportPassword" value="7803*&#@"/>
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 55 of 67
Chapter 19: RFQ Vendor User
If licensed for Request for Quote then a SQL user account will need to be created for the RFQ module to process
responses from outside vendors.
Configure a SQL user account.
Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to
ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to
the PTIWorkPlaceUser role.
Update the web.config settings “VendorUserName” and “VendorPassword” with the SQL user account that was just configured.
<add key="VendorUserName " value="WPVendorUser"/>
<add key="VendorPassword " value="7803*&#@"/>
Chapter 20: Date Format
The date format that is used in WorkPlace can be changed in the web.config. Once changed all display and input
fields will use this format.
To change the date format edit the “DateFormat” section of the web.config.
<add key="DateFormat" value="MM/dd/yyyy"/>
Format Option Example
MM/dd/yyyy 01/12/2015
yyyy.MM.dd 2015.12.01
dd/MM/yyyy 12/01/2015
dd.MM.yyyy 12.01.2015
dd-MM-yyyy 12.01.2015
MM-dd-yyyy 01-12-2015
yyyy/MM/dd 2015/01/12
Chapter 21: Session Timeout
The amount of inactivity allowed before a user has to re-login is controlled by the “SessionTimeout” setting in the web.config. The default time is 60 minutes.
To modify the timeout simply edit the “SessionTimeout” web.config setting and change to the specified amount of minutes.
<add key="SessionTimeout" value="60"/>
Chapter 22: Language Engine
If the Language Engine has been purchased and licensed the following setup needs to be performed.
Configure a SQL user account that will be used to access the Language Resource tables.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 56 of 67
Set the Default Database of the SQL user account to be one of the companies that WorkPlace is installed
against. This is important as the Default Database on the Language User Account tells WorkPlace where the
Language Resource tables are.
Give the SQL user account permission to the PTIMaster and to the Company database. Within each of these
databases give the user access to the PTIWorkPlaceLanguageAccess role.
Specify the SQL Language user name and password in the web.config
<add key="LanguageUserName" value="WPLanguageUser"/>
<add key="LanguagePassword" value="pass@word1"/>
The default language used by WorkPlace can be specified in the “Language” section of the web.config.
<add key="Language" value="English"/>
Chapter 23: Web Server Folder Security
Within the web objects folder on the web server there are a three folders that WorkPlace needs full privileges on.
Those folders are the Attachments, ReportExports, and DynamicFiles.
1. Using Explorer, Navigate to the WorkPlace web server folder created during installation (Unless changed
during install, default location is C:\Program Files (86)\WorkPlace).
2. Navigate to the WorkPlace\Central\Attachments folder
3. Right-mouse click on the Attachments Folder Sharing and Security
4. Select the SECURITY Tab
5. Select the appropriate user account/group
a. If using SQL, SQLSHARED, or APP Authentication: Select the User Account that the Application
Pool is running under.
b. If using NT or NTSHARED: Select the WorkPlace users Active Directory Group
6. Allow READ, WRITE and MODIFY Permissions for this account
7. Select OK to save your changes and close the Security Properties Window
8. Repeat Step 1 through 7 for the Central\ReportExports folder
9. Repeat Step 1 through 7 for the Central\DynamicFiles folder
10. Repeat Step 1 through 7 for the C:\Windows\Temp folder
Part 5: Logging into WorkPlace
Chapter 24: Your WorkPlace URL
Open Internet Explorer and enter the address of your WorkPlace Application
Your URL will look like this:
http://<Web server machine name>/<IIS virtual directory name>
For Example:
Web Server Name = Neptune; Virtual Directory Name = WorkPlace
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 57 of 67
You would type in: Http://NEPTUNE/WORKPLACE
- OR -
Example: Web Server IP address = 120.120.120.118; Virtual Directory = WorkPlace
You would type in: Http://120.120.120.118/WORKPLACE
When you successfully launch WorkPlace from your browser, you will reach a login screen where you will need to
enter some or all of the following information:
Username
Password
Company Name
Option to change Password
The information required/available on the login screen is primarily determined by the Authentication mode that
you have configured to validate users and passwords.
The option to allow users to change their own passwords is available only in SQL
Authentication mode. This feature can be activated by modifying the Web.config file.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 58 of 67
Appendix A: WP Agent Utility
The Agent program (typically c:\program files\WorkPlace\wpagent\WPAgent.exe) is a stand alone executable
program that calls a special web page (WPAgent.aspx) on a regular schedule. When called, the web page checks
for two types of situations as explained in the “uses” section below, and if found and launches the appropriate routines. The frequency the agent program calls the web page is scheduled on the web server using a command
line ‘AT’ command or by using ‘Scheduled Tasks’ in Control Panel.
Uses
1) When WorkPlace is installed with an EAIC, the WP Agent can be used to automatically update WorkPlace
application tables based on any modifications that have been made by by the application connected via the EAIC.
2) Also, this utility can be used to automatically send out an “Approval Tickler” email from the standard WorkPlaceemail engine. Reminder emails can be sent by the agent program when transactions (i.e.: Requisitions, Invoices,
Timesheets, Expense Sheets) have been submitted for approval, but have not yet been loaded into an approval
session.
Configuration
ACTIVATE
The WP Agent Program must be activated within the WorkPlace application System Settings page. To do so, simply
fill in a value for “Elapsed Hours” setting on the General Tab. The minimum number of hours is one, and fractional hours are not valid. The WP Agent Program is activated and configured per individual company. Each company
can have a different number of ‘elapsed hours’ specified in its WorkPlace System Settings.
ASSIGN A USER
SQL Authentication: select or create a user in SQL Server that is a member of the PTIWorkPlaceUser Role in all
Company DB(s), PTIMaster, and the Financial Application Control Database.
NT Authentication: select or create a user that is also a member of the NT Group for WorkPlace users.
CREATE COMMAND
Configure a command to launch the Agent program using ‘Scheduled Tasks’ in Control Panel or a command line ‘AT’ command. For example:
WPAgent.exe url="http://127.0.0.1/WorkPlace/Central/WPAgent.aspx" user="wpagent" password="wppass"
NOTE: The user information entered on the ‘Scheduled Task” Windows form can be any valid windows user on the web server. This user is separate and can be different from the
user information listed in your WPAgent command line.
Required Command Parameters (parameter names must be in lower case)
[url] This must point to the location of WPAgent.aspx within your virtual
folder you have configured for WorkPlace.
[user] The SQL Server/NT User Name.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 59 of 67
[password] The password for the User above.
[domain] NT Authentication ONLY: the User account’s network domain name.
Optional Command Parameters (parameters in lower case, ON/SCREEN in upper case)
[debug] ON: Output will be written to a file called WPAgentLog.txt in the
path specified in [path], if no path is specified, C:\ will be used.
SCREEN: Output will be written to the console screen exclusively.
[path] This is the path where the WPAgentLog.txt will be created.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 60 of 67
Appendix B: Notes on upgrading
Upgrading from Previous WorkPlace Versions
Previous versions of WorkPlace ran on the .NET 2.0 (before version 11) and .NET 4 (after version 11) framework as
was limited to 32 bit mode only. WorkPlace 2015 is built on the .NET 4.5.2 framework and the System
Requirements within this document should be consulted prior to upgrading.
Install the Microsoft Framework 4.5.2 version.
Install the new Crystal Reports.NET v13.0.5.891, either the 32bit or 64bit depending on OS.
If using the Dynamic GP 9, 10, 11+ encryption refer Appendix D: Dynamics GP Users as there are changes in
how this is setup.
SQL password encryption was changed with WorkPlace version 11 to a new encryption engine as the old
engine only supported 32 bit operation. If you wish to continue to use the old password encryption you can
enable the old encryption library by setting the web.config setting “SQLClassicEncryptionEnabled” to “ON”
<add key="SQLClassicEncryptionEnabled" value="ON"/>
If not on GP 8 or earlier or you want to run in native 64 bit mode then the “SQLClassicEncryptionEnabled” cannot be set to “ON” and all the WorkPlace SQL user accounts will have to have their SQL passwords reset. This can be done manually by the WorkPlace admin or there is a built in stored procedure than can be run in
the WorkPlace company database to set all the SQL accounts to a common password along with forcing the
users to change their password on logon. The stored procedure to execute is spPTISQLResetPasswordAll, it
takes one parameter which is the default password that all users will be set to. The default password is
“wppass”
EXEC spPTISQLResetPasswordAll
General Notes
Upgrading WorkPlace generally has fewer steps than a fresh “production” installation because most of the work was already done during your original install. For all upgrades:
When preparing to request your new license, you can generate the License Information File from within
WorkPlace on the System Settings General tab.
Unless you have a specific reason (i.e. instructed to by the release notes) you need not re-install the
Optional Window components.
Select “Upgrade” instead of production when installing SQL Objects. After installing Web Objects you can simply copy your backup web.config file into the Web-server
main installation folder to restore your custom settings.
Also, copy any modified reports from the web server as you will need to copy these back in after the
upgrade.
Most likely, you will be able to launch WorkPlace without modifying settings in your operating
environment (i.e. IIS Manager, SQL Server, and Security Settings on the Web-server installation
folder.)
There are two main types of upgrades, and the process varies between the two:
Upgrading to a new version of WorkPlace
Download the new version of WorkPlace from the Customer Area website. Unzip on your Web-
server and double-click Setup.exe to launch.
Using the WorkPlace Installation Wizard, Install both Web Objects and SQL Objects.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 61 of 67
When Installing SQL Objects, on the page where you identify your Financial Application version, check
to make sure the version of WorkPlace listed in the header of the popup window is the version
number you expect.
Select all of the same settings from your last install when installing your new objects EXCEPT:
Select “Upgrade” instead of production when installing SQL Objects
Adding a new Interface to your current WorkPlace version
Don’t run the WorkPlace installation Wizard! Instead, go to the Windows Start Menu on your Web-
server and run SQL Installer .NET to install your WorkPlace SQL Objects (this is more efficient and
saves time.)
When Installing SQL Objects, on the page where you identify your Financial Application version, check
to make sure the version of WorkPlace listed in the header of the popup window is the version
number you expect.
Select all of the same settings from your last install when installing your new objects EXCEPT:
Select “Upgrade” instead of production when installing SQL Objects, and Select the checkbox to install the NEW INTERFACE that has caused you to upgrade.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 62 of 67
Appendix C: Un-Installing WorkPlace
Remove the installed Web Objects
Delete the folder from where you originally installed the WorkPlace web objects. Once removed open Internet
Information Services and remove the application/virtual folder that was created for WorkPlace. Also, remove the
Application Pool.
Removing the installed SQL Databases
During the SQL objects installation process, tables, triggers, stored procedures and views were installed to the
Control database and Company database(s). To remove these objects email
[email protected] for additional information. Also, there is another shared database called
PTIMaster that should be removed only if WorkPlace is being removed from ALL Companies on the associated SQL
Server.
Removing the installed Optional Windows Components
These optional Windows Components can be removed using the standard Add/Remove programs feature included
with Windows.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 63 of 67
Appendix D: Dynamics GP Users
General Considerations
User logins (SQL Users) created via Dynamics GP (Setup System User) can be registered within
WorkPlace Security to permit that same user name and password login access to WorkPlace.
If desired, User logins can be created in GP WITHOUT a class id attached, which will permit login
access to WorkPlace without enabling access to any Great Plains module.
WorkPlace supports ENCRYPTED passwords. See below for details.
Supporting GP 9+ Password encryption
Configuration
When using SQL Authentication for WorkPlace and some Dynamics GP 9+ Users are also WorkPlace Users, the
following settings must be made to support Password Encryption for Great Plains User accounts.
Create an ODBC DSN on the web server. From the Windows Start Menu on your web server, go to
Administrative Tools, Data Sources (ODBC) and select the System DSN tab to check for a connection to your
SQL Server. If the required DSN connection does not exist, you can simply ADD it. Be sure to set up the DSN
using SQL Authentication and otherwise use the default settings offered. . A ‘Help’ button is available on the
ADD DSN pages for further information.
In order for Reports to run properly the Report User name must be setup in the web.config. See the Crystal
Report SQL User Account section in this guide.
Configure the “SQLPasswordEncryptionExtendedSupport” section of the Web.Config settings, replace the
value dsn shown below with the name of the DSN connection from your web server to your SQL Server:
<!--For GreatPlains 9.0 Encryption set value to GRPCONNECT;{DSNNAME}-->
<add key="SQLPasswordEncryptionExtendedSupport" value="GRPCONNECT;dsn"></add>
Install and install the Microsoft Framework .NET 3.5 SP1 which is required by the Dynamics GP encryption
library.
Copy the appropriate GPConnNet.dll file from the Web objects FinancialPlatform\DynamicsGP\GPConnNet
folder that you installed on the web server to the WorkPlace bin\ folder. There is a 32Bit and 64Bit folder in
the FinancialPlatform\DynamicsGP\GPConnNet folder. Select the proper one for the OS that is running
WorkPlace.
Supporting GP 8 and earlier Password encryption
Configuration
When using SQL Authentication for WorkPlace and some Dynamics GP 8 and earlier Users are also WorkPlace
Users, the following settings must be made to support Password Encryption for Great Plains User accounts.
Due to limitations with the Dynamics GP libraries the web virtual/application folder must be running in 32 bit
as 64 bit is not supported.
Edit the web.config and set the “SQLClassicEncryptionEnabled” setting to “ON”.
<add key="SQLClassicEncryptionEnabled" value="ON"/>
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 64 of 67
Functionality
USER INITIATED PW CHANGES
Due to restrictions with Dynamics GP 9+’s password encryption, certain User’s are no longer allowed to change their password on the WorkPlace login page. If a user’s account was created in Dynamics GP 9+ and they attempt
to use the “Change Password” feature on the WorkPlace login page, the following message will be displayed: “Password must be set in Dynamics GP 9+.”
However, users can change their own password in Dynamics GP 9+ at:
(Tools Setup User Preferences Password button.) Afterwards, the User must re-login to Great Plains with
the new password before they will be allowed to login to WorkPlace with new password.
PW CHANGES FROM WORKPLACE SECURITY
If a user’s account was created in Dynamics GP 9+ and their password is changed from the WorkPlace Security
page, the User will no longer be able to launch Dynamics and login with the old password.
Upon their next new Dynamics GP 9+ session, they must login with the new password set in WorkPlace and will
then be prompted to change their password. At this point, it is recommended that the user enter the same PW
that was just set in WP Security for all values. However, any new PW they set at this time will then be valid for
both Dynamics and WorkPlace going forward.
INTERACTIONS WITH WORKPLACE PW ENCRYPTION
WorkPlace also has an encryption feature which is primarily intended to provide enhanced security on SQL user
accounts that are created in WorkPlace and do not have login access to Dynamics GP. WorkPlace encryption can
be activated from Maintenance System Settings by checking the “Encrypt SQL Password” option.
BE AWARE: If a user’s account was created in Dynamics GP 9+ and WorkPlace encryption is not active, if their
password is changed from the WorkPlace Security page that user will then have the ability to login to other SQL
based applications. However, upon the user’s next login to Dynamics, when they are prompted to change passwords, the GP 9+ SQL encryption will be restored.
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 65 of 67
Appendix E: Encrypting the Web.Config
The web.config can hold some sensitive information such as special user names and password for session
management, report execution and language management to name a few. In order to secure this information .NET
provides a build in encryption routine for the web.config. Following are excerpts from the Microsoft .NET
documentation on performing this activity.
Encrypting Web.Config
To encrypt the WorkPlace appSettings inside the web.config simply run this command. Make sure when you run
this command that is from the Administrators level command prompt. Also make sure you are using the proper
.NET framework folder for your version that WorkPlace is running under and that you specify the proper virtual
folder that WorkPlace is using.
Example:
C:\>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pe "appSettings" -app "/WorkPlace"
Decrypting Web.Config
To decrypt the WorkPlace appSettings inside the web.config simply run the same command as we did to encrypt
but we will use the –pd command versus the –pe. Make sure when you run this command that is from the
Administrators level command prompt. Also make sure you are using the proper .NET framework folder for your
version that WorkPlace is running under and that you specify the proper virtual folder that WorkPlace is using.
Example:
C:\>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pd "appSettings" -app "/WorkPlace"
Microsoft Documentation for Encrypting and Decrypting Configuration Sections
Information Obtained from Microsoft Article: https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx
You can use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a Web
configuration file. ASP.NET will automatically decrypt encrypted configuration elements when the Web.config file
is processed.
NOTE: The Aspnet_regiis.exe tool is located in the %windows%\Microsoft.NET\Framework\versionNumber folder.
You can also use the protected configuration classes in the System.Configuration namespace to encrypt and
decrypt sections of a Web configuration file, sections of a configuration file for an executable (.exe), or sections in
the machine-level and application-level configuration files. For more information, see the ProtectSection method
of the SectionInformation class. For information on referencing a section of a Web.config file, see the
WebConfigurationManager class. For information on referencing configuration sections of files other than the
Web.config file, see the ConfigurationManager class.
Encrypting a Web Configuration Section
To encrypt configuration file contents, use the Aspnet_regiis.exe tool with the –pe option and the name of the
configuration element to be encrypted.
Use the –app option to identify the application for which the Web.config file will be encrypted and the -site option
to identify which Web site the application is a part of. The Web site is identified using the site number from the
Internet Information Services (IIS) metabase. You can retrieve the site number from the INSTANCE_META_PATH
server variable in the ServerVariables collection. For example, when IIS is installed, a Web site named "Default
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 66 of 67
Web Site" is created as site 1. In pages served from that site, the INSTANCE_META_PATH server variable returns
"/LM/W3SVC/1". If you do not specify a -site option, site 1 is used.
Use the –prov option to identify the name of the ProtectedConfigurationProvider that will perform the encryption
and decryption. If you do not specify a provider using the -prov option, the provider configured as
thedefaultProvider is used.
NOTE: If you are using an RsaProtectedConfigurationProvider instance that specifies a custom key container, you
must create the key container before running the Aspnet_regiis.exe tool. For more information, see Importing and
Exporting Protected Configuration RSA Key Containers.
The following command encrypts the connectionStrings element in the Web.config file for the application
SampleApplication. Because no -site option is included, the application is assumed to be from Web site 1 (most
commonly Default Web Site in IIS). The encryption is performed using the RsaProtectedConfigurationProvider
specified in the machine configuration.
aspnet_regiis -pe "connectionStrings" -app "/SampleApplication" -prov "RsaProtectedConfigurationProvider"
When a page or other ASP.NET resource in the application is requested, ASP.NET calls the provider for the
protected configuration section to decrypt the information for use by ASP.NET and your application code.
NOTE: To decrypt and encrypt a section of the Web.config file, the ASP.NET process must have permission to read
the appropriate encryption key information. For more information, see Importing and Exporting Protected
Configuration RSA Key Containers.
Decrypting a Web Configuration Section
To decrypt encrypted configuration file contents, you use the Aspnet_regiis.exe tool with the -pd switch and the
name of the configuration element to be decrypted. Use the –app and -site switches to identify the application for
which the Web.config file will be decrypted. You do not need to specify the –prov switch to identify the name of
the ProtectedConfigurationProvider, because that information is read from the configProtectionProvider attribute
of the protected configuration section.
The following command decrypts the connectionStrings element in the Web.config file for the ASP.NET application
SampleApplication:
aspnet_regiis -pd "connectionStrings" -app "/SampleApplication"
W O R K P L A C E I N S T A L L A T I O N G U I D E
Page 67 of 67
Index
Access the WorkPlace Application(s) ...................... 56
Db Installation Log ................................................... 27
Default Web Objects Location ................................. 29
IIS 33, 35
Installation Wizard ................................................... 18
Installing Workplace ................................................ 17
Main Installation Window ....................................... 19
SQL Object Installation ............................................ 21
SQL Server Services ................................................. 17
Virtual Directory ................................................ 56, 57
Web Objects Installation ......................................... 29
Web Server Services ................................................ 17
Web Site Configuration ........................................... 33
Windows Components ............................................ 30
WorkPlace license .............................................. 13, 17