workplace applications installation/upgrade guide · internet explorer 7 or greater (ie 9 or...

WorkPlace Applications Installation/Upgrade Guide

Designed for WorkPlace 2016 and Greater (v16.00+)

Paramount Technologies Inc.

1374 East West Maple Road

Walled Lake, MI 48390-3765

Phone 248.960.0909 • Fax 248.960.1919

www.ParamountWorkPlace.com

http://www.paramountworkplace.com/

W O R K P L A C E I N S T A L L A T I O N G U I D E

Copyright Copyright © 2016 Paramount Technologies. All rights reserved.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights

under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval

system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or

otherwise), or for any purpose, without the express written permission of Paramount Technologies.

Notwithstanding the foregoing, the licensee of the software with which this document was provided may

make a reasonable number of copies of this document solely for internal use.

Trademarks WorkPlace is a registered trademark of Paramount Technologies and is registered in the United States

and other countries. Microsoft, Microsoft Dynamics GP, Windows, Windows Server and Windows Vista

are either registered trademarks or trademarks of Microsoft Corporation or its affiliates in the United

States and/or other countries.

The names of actual companies and products mentioned herein may be trademarks or registered marks -

in the United States and/or other countries - of their respective owners. Unless otherwise noted, the

example companies, organizations, products, domain names, e-mail addresses, logos, people, places,

and events depicted herein are fictitious. No association with any real company, organization, product,

domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Intellectual property Paramount may have patents, patent applications, trademarks, copyrights, or other intellectual property

rights covering subject matter in this document. Except as expressly provided in any written license

agreement from Paramount, the furnishing of this document does not give you any license to these

patents, trademarks, copyrights, or other intellectual property.

Warranty disclaimer Paramount Technologies disclaims any warranty regarding the sample code contained in this

documentation, including the warranties of merchantability and fitness for a particular purpose.

Limitation of liability The content of this document is furnished for informational use only, is subject to change without notice,

and should not be construed as a commitment by Paramount Technologies. Paramount Technologies

assumes no responsibility or liability for any errors or inaccuracies that may appear in this manual.

Neither Paramount Technologies nor anyone else who has been involved in the creation, production or

delivery of this documentation shall be liable for any indirect, incidental, special, exemplary or

consequential damages, including but not limited to any loss of anticipated profit or benefits, resulting

from the use of this documentation or sample code.

License agreement Use of this product is covered by a license agreement provided with the software product. If you have

any questions, please call the Paramount Technologies Support at 800.725.4408 (in the U.S. or Canada)

or +1.800.725.4408.

Publication date July 2016


Contents

PART 1: INTRODUCTION .................................................................................................................................. 5

Product Overview .................................................................................................... 5

What’s in this manual ............................................................................................... 6Symbols ................................................................................................................. 6

Before you contact support ....................................................................................... 6

PART 2: PREPARATION .................................................................................................................................... 7

Chapter 1: Three-Tiered Operating Environment ............................................................ 7

Chapter 2: Web Client System Requirements ................................................................ 7

Chapter 3: Web Server Recommendations .................................................................... 7

Chapter 4: Database Server Recommendations ............................................................. 8

Chapter 5: User Logins and Passwords ......................................................................... 9

User Authentication Options ...................................................................................... 9

Authentication Planning .......................................................................................... 10

Chapter 6: Requesting a WorkPlace License ................................................................ 12

Step 1: Generate the Info File ................................................................................ 12

Step 2: License Request Form ................................................................................. 14

Step 3: Submit Request ......................................................................................... 16

Step 4: Loading the License Certificate ..................................................................... 16

Chapter 7: Pre-Installation Checklist .......................................................................... 17

PART 3: WORKPLACE INSTALLATION ............................................................................................................. 18

Chapter 8: The WorkPlace Installation Wizard ............................................................. 18

Chapter 9: SQL Objects Installation ........................................................................... 21

Chapter 10: Scripting the Database Objects ................................................................ 23

Chapter 11: Web Objects Installation ......................................................................... 29

Chapter 12: Optional Windows Components ................................................................ 30

Chapter 13: Configuring your WorkPlace Website ......................................................... 33

Creating the Application Folder / Virtual Directory – Windows 2008.............................. 33

Creating the Virtual Directory – Windows 2003 .......................................................... 35

PART 4: ADDITIONAL SYSTEM CONFIGURATION ........................................................................................... 39

Chapter 14: Session User Setup ................................................................................ 39

Configuring using SQL Account ................................................................................ 39

Configuring using NT Pass-through .......................................................................... 39

Chapter 15: Specifying SQL Server Housing Company Databases .................................. 39

Chapter 16: Configuring User Authentication ............................................................... 39

SSO – Single Sign On Authentication ....................................................................... 39

SQL Authentication ................................................................................................ 44

SQLSHARED Authentication .................................................................................... 44

Active Directory / NT Authentication ........................................................................ 46

Active Directory / NTSHARED Authentication ............................................................. 47

Forms Authentication ............................................................................................. 50

Application Authentication ...................................................................................... 53

Chapter 17: Administrative User ................................................................................ 53

SSO Setup ............................................................................................................ 54


Chapter 18: Crystal Report SQL User Account ............................................................. 54

Chapter 19: RFQ Vendor User ................................................................................... 55

Chapter 20: Date Format .......................................................................................... 55

Chapter 21: Session Timeout .................................................................................... 55

Chapter 22: Language Engine ................................................................................... 55

Chapter 23: Web Server Folder Security ..................................................................... 56

PART 5: LOGGING INTO WORKPLACE ............................................................................................................ 56

Chapter 24: Your WorkPlace URL ............................................................................... 56

APPENDIX A: WP AGENT UTILITY .................................................................................................................. 58

Uses ....................................................................................................................... 58

Configuration .......................................................................................................... 58

APPENDIX B: NOTES ON UPGRADING ........................................................................................................... 60

Upgrading from Previous WorkPlace Versions .............................................................. 60

General Notes ......................................................................................................... 60

APPENDIX C: UN-INSTALLING WORKPLACE .................................................................................................. 62

Remove the installed Web Objects ............................................................................. 62

Removing the installed SQL Databases ....................................................................... 62

Removing the installed Optional Windows Components ................................................. 62

APPENDIX D: DYNAMICS GP USERS .............................................................................................................. 63

Supporting GP 9+ Password encryption .................................................................... 63

Configuration .......................................................................................................... 63

Supporting GP 8 and earlier Password encryption ...................................................... 63

Configuration .......................................................................................................... 63

Functionality ........................................................................................................... 64

APPENDIX E: ENCRYPTING THE WEB.CONFIG ............................................................................................... 65

Encrypting Web.Config ............................................................................................. 65

Decrypting Web.Config ............................................................................................. 65

Microsoft Documentation for Encrypting and Decrypting Configuration Sections ............... 65

Encrypting a Web Configuration Section ................................................................... 65

Decrypting a Web Configuration Section ................................................................... 66


of 67

Part 1: Introduction

Use this manual to install and prepare Paramount Technologies WorkPlace Applications for use. Review the

introductory information about the resources available to you, and then use the WorkPlace Applications Checklist

as your guide to installing WorkPlace.

Product Overview

The Paramount WorkPlace Suite is built from the ground up for interoperability across heterogeneous

environments using open standards.

Paramount solutions will streamline your employee management and procurement processes, improve your

employee productivity and accelerate your business.

WORKPLACE EPROCUREMENT

Reduce direct and indirect purchasing costs, increase control over business transactions, and streamline the

employee management and procurement processes

WorkPlace eProcurement is a robust web-based eProcurement solution that allows organizations to automate the

complete procure-to-pay cycle – from product selection, requisitioning, approval and ordering to delivery, receipt

and financial settlement. The suite includes applications for requisitioning, PunchOut via cXML, check request,

budget compliance, RFQ, purchase order generation, receiving, invoice matching and vendor contract enforcement

with approval workflow throughout the entire process.

With an eProcurement solution in place, organizations empower their users throughout the enterprise:

Requesters get the convenience and efficiency of easy self-service for requisitions and check requests

Managers are able to manage by exception and accelerate approvals with automated workflow

Buyers can focus on building strategic supplier relationships to reduce costs

Payables maintains control over expenditures

Benefits

Eliminate error-prone paper-based processes

Reduce requisition-to-order costs and cycle time

Control maverick spending

Manage by exception - ensure that your purchases adhere to your policies

Ensure Sarbanes-Oxley compliance with a complete audit trail of transactions

Enable your procurement professionals to focus on strategic tasks

WORKPLACE PROJECT, TIME & EXPENSE

Automate the project lifecycle to improve resource utilization and streamline time & expense processing

Paramount Technologies’ project accounting solutions enable operational and financial management through project initiation, resource utilization, time and expense processing and earned value management. Via the

WorkPlace Project, WorkPlace Time, and WorkPlace Expense solutions, Paramount Technologies delivers web-

based, workflow-driven information for project and resource management.

Our solutions address the wide range of unique project accounting, financial management, billing and

procurement requirements in a multi-company, multicurrency environment. The success of a project-driven

business depends on the planning, managing and closing of projects in a timely, quality-focused and cost-effective


of 67

manner. Paramount Technologies’ solutions are designed to automate the project lifecycle, eliminate redundant data entry and provide visibility across the project portfolio and resource pool.

Benefits

Eliminate error-prone paper-based processes

Reduce requisition-to-order costs and cycle time

Control maverick spending

Manage by exception - ensure that your purchases adhere to your policies

Ensure Sarbanes-Oxley compliance with a complete audit trail of transactions

Enable your procurement professionals to focus on strategic tasks

What’s in this manual

This manual provides guidelines for installing and setting up your Paramount Technologies WorkPlace Applications

system. It lists the latest system requirements, contains a step-by-step guide through the installation process, gives

tips on troubleshooting, and describes initial setup procedures. The manual is divided into the following parts:

Part 2, Preparation, contains information about preparing your computers, network, and database

Part 3, WorkPlace Installation, describes how to install WorkPlace on your server and set up an account

framework.

Part 4, Additional System Configuration, describes how to configure WorkPlace.

Part 5, Enterprise Integration Application Connector, describes how to install and configure the EAIC

connector.

Part 5, Logging into WorkPlace, describes how to log on to your new installation of WorkPlace.

Symbols

The note symbol indicates helpful tips, shortcuts and suggestions.

The “i” symbol indicates situations you should be especially aware of when completing tasks.

Before you contact support

If you are experiencing a problem when installing WorkPlace Applications, have the answers ready to the following

questions to help your support specialist narrow down the source of the problem you’ve experiencing.

What is the exact error message?

When did the error first occur?

What task were you attempting to perform at the time the error message was displayed?

Has the task been completed successfully in the past?

What is the name of the window you are you working in?

What have you done so far to attempt to fix the problem?

Does the problem occur on another workstation?

What versions of software are you using?

Verify the version numbers for WorkPlace Applications, your Microsoft SQL Server, and Microsoft Windows®. Also

note service packs for each product.

Does the problem occur for the sa or System Administrator user?

Does the problem occur at the database server?


of 67

Part 2: Preparation

Chapter 1: Three-Tiered Operating Environment

WorkPlace is recommended for use with the three-tiered architecture model shown below. The WorkPlace

application resides on the Web Server (Front End), the Database resides on the SQL Server (Back End) and the

application is accessed from the Web Client.

Chapter 2: Web Client System Requirements

Paramount supports the following minimum client hardware requirements and server recommendations for

WorkPlace. (Note that the server recommendations are not the minimum server requirements.) The specific

hardware that you will need for your configurations depends on environmental factors. To achieve individual

performance expectations, you may need to increase these recommendations.

Component Requirements Notes

Browser Firefox version 3 or greater

Chrome version 16 or greater

Safari version 4 or greater

Internet Explorer 7 or greater

(IE 9 or greater recommended)

PDF Reader

For viewing WorkPlace reports

Browser based plug-in

Adobe Acrobat Reader(recommended if

using Internet Explorer)

Chapter 3: Web Server Recommendations

Actual requirements may vary depending on transaction volume, modules used and number of users.


Operating System Microsoft Windows 7 SP1

Microsoft Windows 8, 8.1

Microsoft Windows 10

Microsoft Windows Server 2008 SP2

Microsoft Windows Server 2008 R2 SP1

Microsoft Windows Server 2012

Microsoft Windows Server 2012 R2

It is recommended that the

Web Server is not the same

machine as the SQL Server. 32

and 64 bit is supported

WEB CLIENT

Setup Shortcut or IE Favorite

to launch WorkPlace

No installation or data

storage required

WEB SERVER

Houses WorkPlace Website

and Installation Folder

-- and (if required) --

EAIC Website and

EAICt Installation Folder

SQL SERVER

Houses WorkPlace Control

Database

and

Financial Application Company

Databases where SQL Objects

are installed


of 67


Microsoft Windows Vista SP2

Processor Dual Core or Multi-Processer, 2 Gigahertz

(GHz) or greater recommended

Storage 500 GB Hard Drive This space on the web server is

utilized for the .NET 4 Runtime,

Crystal Runtime and the

WorkPlace application.

Depending on number of users

and sizes of attachments more

storage may be necessary.

WorkPlace can be configured

to store attachments on a SAN

or other network drive to

reduce storage requirements

on the Web Server.

RAM 2 GB minimum (8 GB recommended)

Browser Firefox version 3 or greater

Chrome version 16 or greater

Safari version 4 or greater

Internet Explorer 7 or greater

(IE 9 or greater recommended)

Windows Internet

Information Services (IIS)

IIS 6.0 or greater

.NET Runtime Version 4.0 .NET Runtime version is

included with WorkPlace.

Provided as part of the WorkPlace installation Wizard:

Microsoft .NET framework

Crystal Reports 32bit and 64bit runtime engine

Chapter 4: Database Server Recommendations

Actual requirements may vary depending on transaction volume, modules used and number of users.


Database SQL Server 2016

SQL Server 2014

SQL Server 2012

SQL Server 2008 R2

SQL Server 2008

Enterprise, Standard, Web Editions

It is recommended that the

Web Server is not the same

machine as the SQL Server.

WorkPlace is both 32 and 64 Bit

compliant

Processor Dual Core

Multi-Processer recommended

Storage 500 GB Hard Drive Depending on number of users

and sizes of attachments, user

can store attachments on SAN

or other network drive to

reduce storage requirements.


of 67


RAM 8 GB Minimum (16 - 32 GB recommended)

To ensure complete and proper module configuration inside of your Financial

Application, transactions within all required modules should be successfully processed

through to General Ledger Posting *PRIOR TO AND INDEPENDENT OF* the Paramount

WorkPlace module(s) installation.

Chapter 5: User Logins and Passwords

WorkPlace can be configured with any one of five modes of user authentication. See the chart below to select the

proper user authentication for your environment.

User Authentication Options

Option Details

SSO Single Sign On. This option allows for usage of 3rd party authentication services such as

Windows Live, Google and custom providers. When hosting WorkPlace in the cloud or in a

DMZ outside of the internal network this option can provide access to the local Active

Directory via Active Directory Federation Services (AFDS).

All SQL backend operations are performed using a shared user account. Under this option

the user names are the email addresses of the user.

SQL SQL Name and Password are used and passed directly through to the SQL Server. This

requires the user to be setup on the SQL server as a physical user and the user must have

access to all databases that WorkPlace requires access. It is recommended that the SQL

password encryption option is enabled in WorkPlace when using this method. Since the

users have access to the databases a user could use excel or other connectable

applications to access WorkPlace data if non-encrypted passwords are allowed.

SQLSHARED SQL Name and Password for authentication only. All backend SQL operations are

performed using a shared SQL user account. This method secures access to the physical

database as the user account does not have access to any of the physical databases. This

method is ideal in environments where other SQL applications are used and a shared SQL

name and password are desired.

NT The Active Directory user name that the user logged into Windows with (Integrated

Authentication) or the Active Directory user that was entered on the Basic Authentication

window (Non-Integrated Authentication) is simply passed through to the SQL Server. This

method as well as the SQL option both have the same drawbacks in that the user could

use an external application to get access to the SQL databases unless a firewall is enabled.

This method also suffers from the Double-Hop syndrome whereas the SQL Server, Web

Server and Client machines must all be enabled for delegation at the Active Directory level

as standard Kerberos authentication does not allow the client browser to authenticate to

the web server and then allow the web server to impersonate the credentials to the SQL

server.

NTSHARED The Active Directory user name that the user logged into Windows with (Integrated

Authentication) or the Active Directory user that was entered on the Basic Authentication

window (Non-Integrated Authentication) is used to identify the user to WorkPlace. The

SQL backend operations are all performed using a shared SQL account. This method is the

preferred model in larger organizations as the user cannot access the databases via

external applications and all password and account management is at the Active Directory

level. This option also eliminates the double-hop issue with Active Directory.


of 67

Option Details

FORMS The Active Directory user name that the user logged into Windows with is used to

authenticate against the WorkPlace Web Server using IIS Forms Authentication. Once

authenticated against the web site, the user’s credentials are passed to the WorkPlace

solution which will authenticate against the application level security. All SQL backend

operations are all performed using a shared SQL account. This method is a preferred

model in larger organizations as the user cannot access the databases via external

applications and all password and account management is at the Active Directory level.

This option also eliminates the double-hop issue with Active Directory.

APP User accounts and passwords are managed by WorkPlace exclusively and all SQL backend

operations are performed using a shared user account. Under this option the user names

are the email addresses of the user. The key benefit with this method is that if users

forget their passwords they can simply click a “forgot password” button on the logon page

and reset their own passwords. This method is ideal for environments where account

management at the SQL or NT level is not ideal or empowering the user to manage their

own password cuts administrative overhead.

Authentication Planning

Before beginning installation of the WorkPlace application, you must determine which method of authentication

will be used. After making this choice, follow the steps in the appropriate section below:

SQL / SQL Shared Requirements

1. Create SQL Server logins and passwords in WorkPlace Security.

WorkPlace supports ENCRYPTED passwords when SQL User logins are created directly from

WorkPlace Security (for Help (F1) and activation, go to Maintenance Central System

Settings General tab)

For additional Sarbanes-Oxley compliance, WorkPlace has advanced password controls

available for SQL Server User Logins (for Help (F1) and activation, go to Maintenance Central Global Settings)

2. Create or use existing SQL User logins and passwords created in your Financial Application.

Register these users in WorkPlace Security.

See Appendix D for more information about registering Microsoft Great Plains / Dynamics

GP 9.x Users within WorkPlace.

3. Create or use existing SQL Server logins and passwords in MS SQL Server. Register these

users in WorkPlace Security.

4. If using SQL Shared then a special shared user account will need to be created that has

access to all the appropriate databases. This account will be referenced when you configure

the WorkPlace web.config.

Until users are set up in WorkPlace Security, ONLY user ‘sa’ or the administrative

user setup in the WorkPlace web.config file will be able to log into the application.

WorkPlace supports Dynamics GP 9+ password encryption. Refer to

Appendix ‘F’ of this guide for setup details.

NT / NT Shared Authentication Requirements

1. Create an NT WorkPlace User Group and make all WorkPlace users a member of this group.


of 67

2. NT User names registered in WorkPlace Security must be preceded by the network domain name and

a back slash. For example: OURDOMAIN\jsmith.

3. If using NT Shared then a special shared user account will need to be created that has access

to all the appropriate databases. This account will be referenced when you configure the

WorkPlace web.config.

APP & SSO Authentication Requirements

1. Gather all the user email accounts that will be setup as WorkPlace users.

2. If using SSO then a special shared user account will need to be created that has access to all

the appropriate databases. This account will be referenced when you configure the

WorkPlace web.config.

FORMS Authentication Requirements

3. Confirm the client specific Active Directory Connection String that will be used to update the

web.config file.

4. Gather all the AD user names and email accounts that will be setup as WorkPlace users.

5. A special shared user account will need to be created that has access to all the appropriate

databases. This account will be referenced when you configure the WorkPlace web.config.


of 67

Chapter 6: Requesting a WorkPlace License

To gain access to your WorkPlace application, you must first load a valid license certificate issued by Paramount

into the software. A valid license file can be obtained and loaded in four steps:

1. Generate and Save License Info file

2. Fill out License Request Form

3. Submit your License Info file and License Request Form to Paramount

4. Load your new License Certificate

All License Certificates have a predefined activation deadline. After the

deadline date, the certificate will no longer load into the application and a

new license will need to be requested.

Step 1: Generate the Info File

There are two methods of generating the License Info File:

Option A) Generate request from within WorkPlace. The License Info File can be generated and saved from within

WorkPlace: Maintenance Central System Settings General Tab Change License Certificate button

CLICK “Retrieve License Request Information” hyperlink

Select Save and make note of the folder where you save your new License Info file.


of 67

Option B) Generate Info File from external utility

Locating the License Information Collector

Download this utility program from the WorkPlace Customer Area website.

1. Click ‘Request a License Certificate’2. Download the ‘License Information Collector’ to the machine you will use as the WorkPlace

web server

Before Running the License Information Collector

Make sure the SQL Server where the company data will resides is running.

IMPORTANT: The .NET Framework Run-Time v2 or greater must be installed on the web server

PRIOR to running the License Information Collector. If needed, a copy of the appropriate .NET

Framework can be installed using the WorkPlace Installation Wizard (‘Optional Windows

Components’ button).

IMPORTANT: The License Collector program MUST be physically located on the WorkPlace web

server and you MUST run it on the WorkPlace web server ONLY!!

If either of the two conditions above are not met, the License Information Collector

or any license you receive from Paramount will not operate properly.

Running the License Information Collector

The License Information Collector program is a single screen (as shown below). Enter all required information into

the form:


of 67

Select ‘Save License Request to Disk’ and note the folder where you save your License Info File.

Note: If you do not select ‘Save License Request to Disk’, you will not be

able to complete the license request process as outlined below.

Step 2: License Request Form

a) Go to the WorkPlace Customer Area website http://www.paramounttechnologies.com

b) Click ‘Request a License Certificate’c) Fill out License Request Form (Example below, settings may vary)

http://www.paramounttechnologies.com/


of 67


of 67

Step 3: Submit Request

a) Verify you have attached the License Info File

b) Click ‘Submit Request’

Step 4: Loading the License Certificate

Once you receive your license certificate log into WorkPlace as the System Administrator. Upon the initial login to the application after installing or upgrading, you will be required to load a new license certificate:

License Certificate Maintenance Form (your WorkPlace version number may differ):

The page above can also be located within the WorkPlace menu system:

Maintenance Central System Settings General Tab Change License Certificate button

1. Type in or Browse to the location that the License Certificate was saved to

2. Click “Load License Certificate”3. A confirmation window will appear

4. Press the ‘Continue to Re-Log On’ button and login to WorkPlace

After reading this chapter, if you are still having difficulties, please phone your

VAR or contact Paramount at: [email protected] or

248.960.0909

mailto:[email protected]


of 67

Chapter 7: Pre-Installation Checklist

□ Microsoft SQL Server - Installed and configured

□ Financial Application and Databases – Installed and configured

□ Authentication mode chosen: Active Directory/NT, Application, or SQL Server

□ Web server Machine/operating environment – Installed and configured, including:

1. Internet Information Services (IIS)

2. .Net Framework v4

3. All other components listed previously under “Web Server Machine Specifications.”4. Windows Active Directory NT/NT Shared Authentication ONLY – complete steps in the

‘Network/Domain Configuration’ section of this guide

□ WorkPlace License Certificate file in-hand (.lic extension)

□ Paramount’s WorkPlace Installation Wizard software

Download files from WorkPlace Customer Area website.

□ Read the Release Notes for the current version of WorkPlace (available on the Customer Area

website). Make note of any additional instructions.

□ CREATE BACKUPS:

1. Financial Application: Control Database and ALL Company Databases

2. Upgrade ONLY: Backup the WorkPlace web.config file and any modified Crystal Reports.

□ Determine the location for your ‘WorkPlace Web Server Installation Folder’

In a live/production environment, running the WorkPlace web server and MS SQL

Server services on the same machine is NOT recommended. These servers should be set up

on separate machines for optimum performance.

ALSO, this document does not include detailed installation or configuration instructions for

Microsoft IIS Web Server and SQL Server. For this type of information, please refer to the

reference manuals and online resources provided by Microsoft.

IMPORTANT: The instructions in Chapter 3 will guide you step by step through the process of installing the

WorkPlace Application in a demonstration, test, or production environment. Please follow all instructions in the

order listed unless otherwise noted. If UPGRADING, Please read Appendix B next. PLEASE READ ALL

INSTRUCTIONS BEFORE PROCEEDING.


of 67

Part 3: WorkPlace Installation

All steps must be completed for a first-time installation; steps that can be omitted

in an upgrade are noted throughout this document and in Appendix B.

Chapter 8: The WorkPlace Installation Wizard

This Wizard is a graphical software interface that automatically guides you step by step through the WorkPlace

installation process.

Before starting the Installation Wizard

Close all currently running applications. Be certain that the MS SQL Server Database instance for your Control and

Company Database is running before you proceed. The Install Wizard needs to read and write to these databases in

order to install properly.

Launching the Wizard from a CD

Insert the WorkPlace Product CD into the drive located on the web server. If the CD drive is configured for

autoplay/autorun, the CD will start the Installation Wizard automatically. If the CD does not start automatically, select

StartRun and browse to the CD drive where the WorkPlace Installation CD has been inserted. Select the Setup.exe,

then OK from the Run menu and installation will begin.

Launching the Wizard from a ZIP archive

Extract the ZIP archive to your web server with the setting “include folder names.” A folder named after the WorkPlace

version number will be created with all necessary installation files. Inside that folder, double click Setup.exe to launch

the installation wizard.

The install code ZIP archive must be saved and extracted onto the web server. ALL

installation executables must be saved on launched on the web server ONLY!


of 67

In the Paramount Installation Wizard Window, click Next to proceed with the installation process.

In the License Agreement Window, carefully read the Paramount License Agreement. Select YES if you agree

to the terms of the Agreement and proceed with the installation process.

If you do not agree, select CANCEL and contact Paramount either by phone

248.960-0909 or by email at [email protected].

If you selected YES to the License Agreement the following screen appears, this is the Main Installation Window.

The steps appear in necessary completion order. As steps in the process are completed, you will automatically be

returned to this main window to begin the next step.

mailto:[email protected]


of 67


of 67

Chapter 9: SQL Objects Installation

Before proceeding with SQL Object installation or Upgrade, be certain that

a recoverable backup has been made of your control and company databases.

1. In the Main Installation Window, select the SQL Objects button. This step is required for both initial set up and

upgrades.

The SQL Server must already be installed, configured and have all Control and Company Databases installed. Close all currently running applications (not including services).

2. Select the components to be installed by clicking the checkbox next to the desired components. If the .NET

Framework is already installed, it is recommended that you un-check that box and do not reinstall it.


of 67

3. Destination folder: By default, the components will be installed to the C:\ drive of the local machine under

C:\ProgramFiles\WorkPlace\SQL or C:\Program Files (x86)\WorkPlace\SQL on a 64 bit OS. To change the

default installation folder, use the BROWSE button to navigate to the desired destination folder on the SQL

Server.

4. Select NEXT to proceed.

If the Default location of the web server installation folder is changed, be certain to make a note of the path to your installation folder location.

5. Review the settings and Select NEXT to continue if you are satisfied with the settings.

6. The SQL Objects and the PTI SQL Objects installer are copied to the destination folder.


of 67

7. Select FINISH to begin the next phase of the installation process. Leave Launch PTI Installer checked to

continue on to next step.

Chapter 10: Scripting the Database Objects

Once the WorkPlace SQL Objects are unpacked and copied to the destination folder, they must be scripted into the

Company database(s) by our SQL Installer .NET utility program. To continue the installation process directly from

the Installation Wizard, page above, leave the ‘Launch PTI Installer’ box checked and click FINISH. The main installation window will reappear briefly, and then the .NET Installer will be launched automatically.

Database scripting must be performed for ALL installation types (Demonstration,

Test or Production (fresh Install) or Upgrade from prior version).

If you have closed out of the Installation Wizard and need to resume the installation process at this point, go to the

Windows Start Menu on your web server and select “SQL Installer .NET” under “All Programs.”

1. On the Connect to SQL screen, type in the correct path to the appropriate SQL Server database instance or

select it from the drop down menu or browse button. Choose the authentication method for the installer

program. NOTE that this choice is totally unrelated to how users will be authenticated when logging into

WorkPlace. ‘sa’ will default as the Login name for SQL authentication. If your DBO user login is not ‘sa’, enterthe appropriate login, password, and then select NEXT to continue


of 67

2. Select Dynamics GP as the WorkPlace Platform and Select NEXT to continue

3. In the Select Company Database(s) window, select the Microsoft Dynamics GP Control Database (i.e.

DYNAMICS). Simply check all Dynamics GP company databases that WorkPlace is to be installed against and

select NEXT to continue.

4. The installer command file ‘WorkPlace.xml’ determines which ‘module specific’ pages follow as the installer

continues to run. The default path is usually correct and should point to the folder where you initially

unpacked the WorkPlace SQL Objects. Select NEXT to continue.


of 67

5. Specify the ‘Installation Type’ by clicking the circle to the left of the desired option.

Each of these options upgrades the WorkPlace SQL Objects to the version that came with

the Installation Wizard. The difference between these options is the effect on data held in

the tables created by WorkPlace:

UPGRADE – leaves WorkPlace data UN-changed and scripts all objects and permissions.

PRODUCTION – empties all WorkPlace data tables. The first time WorkPlace is installed to a

company database, this option must be chosen.

DEMONSTRATION - empties all WorkPlace data tables AND loads in sample data that may

be helpful for sales demonstrations.

None of the Installation types will affect data in Control database tables.

Select NEXT to continue.


of 67

6. Select your Financial Application Version Number and select NEXT to continue.

7. Indicate the WorkPlace modules you have purchased by checking the boxes to the left of each appropriate

option. You may select multiple options. After clicking next a series of other options will be available for

different types of integrations and options. It’s important to select only what is valid in your environment and

for what you have licensed. Certain combinations should not be performed, for example if you install

Requisition you should not select both the WennSoft Job/Service and the Great Plains Project Accounting

Interface. Continue to click NEXT until all the options screens are answered.

8. The default options should be used for this page, Select NEXT to continue.


of 67

9. Select Start to begin scripting; this process may take a few minutes.

The installation of each script is listed as they are installed to the database. Each time the installer is run,

a log file is created and saved in the /Log subdirectory of the folder to which the SQL Objects were

unpacked.


of 67

2. SQL Objects are now installed.

A log file is generated in the installation folder while the SQL

Installer is scripting the database objects.


of 67

Chapter 11: Web Objects Installation

The web server machine’s operating environment must already be prepared and configured prior to installing the WorkPlace application’s Web Objects.

The installation of Web Objects is performed for BOTH fresh installs and Upgrades.

If you are UPGRADING – navigate to the Web Folder where WorkPlace was initially

installed. You must rename or print the web.config file for reference in configuring the

new web.config that will replace it during the upgrade. You should also backup any

reports that you have customized as you will have to re-copy those back in after the

upgrade.

1. Select the WEB OBJECTS button to begin installation of the WorkPlace Web Components

2. Accept the default location C:\Program Files (86)\WorkPlace, or replace the default location by typing over it

or using the BROWSE button to choose a destination folder location. Select NEXT to continue the installation

of the Web Objects

If the default installation location is changed, be sure to make note of the new

installation folder’s location. If UPGRADING, be certain that your original installation folder is selected AND that you copy, rename, or print your existing web.config file before

proceeding.


of 67

3. Verify the settings before the files are copied to the local drive. Select NEXT to start copying files.

4. Select the FINISH button to return to the main installation window

Chapter 12: Optional Windows Components

All of the Optional Windows Components must be installed on the web server in order for WorkPlace to run

properly. Do not reinstall these programs if the same or a newer version already exists on your web server. To

install any of these components, select the OPTIONAL WINDOWS COMPONENTS Button on the main Installation

Wizard screen.


of 67

If any components have been installed previously, they need not be selected when running the WorkPlace

installation wizard.

Periodically these components are updated in future versions of WorkPlace so it is important to make sure that these

exact versions of the components are installed. If you are in question simply install the components and they will tell you if

they are installed or not.

1. Select the components you wish to install and select NEXT to continue.

2. Verify the components to be installed and Select NEXT to continue. The installation wizard will run the setup

programs for any components you have selected.


of 67

3. You have now completed all set up processes performed by the Installation Wizard! Click

Finish to go back to the main installation area.


of 67

Chapter 13: Configuring your WorkPlace Website

This step is required for a first time installation; it may be skipped when upgrading. A WorkPlace web site must

be configured for each SQL Server where your Financial Application is installed i.e. TEST SQL Server instance vs.

Live SQL Server Instance. The previous Sections in this manual must be completed prior to configuring your

WorkPlace website.

Microsoft Business Portal: For additional required steps when installing

WorkPlace on the same machine with Business Portal, please refer to the

“Installing WorkPlace alongside Business Portal” document (available for download from the Paramount Customer Area) BEFORE proceeding.

Creating the Application Folder / Virtual Directory – Windows 2008

Open the Internet Information Services (IIS) by navigating to Start Settings Control Panel

Administrative Tools Internet Information Services (IIS) Manager. Once open right mouse click on

Applications Pools and select Add Application Pool…

On the Add Application Pool screen enter a name for the pool such as “WorkPlace”, then select “.NET Framework v4.0.30319” and finally select “Classic” as the Managed pipeline mode. Leave the “Start application pool immediately” checked and click OK.


of 67

Now that the Application Pool is created we need to create the Application folder for WorkPlace and tie it to

this newly created Application Pool. To create the Application folder right mouse click on the Web Site that is

to contain the Application folder, in this example we are putting it on the Default Web Site. Click Add

Applcation…

From the Add Application screen enter the Alias that will be used from the web browser to access WorkPlace,

in this example we are using “WorkPlace”. Next select the Application pool “WorkPlace” that was created in step 2. Finally enter the folder where the WorkPlace web objects were installed, the default installation folder

“C:\Program Files (x86)\WorkPlace”. After this information is entered click OK.

WorkPlace is now configured for access. To test out access simply open a web browser and type in the url for

the web browser machine name along with the Application folder that we just configured, i.e.,

http://mywebserver/WorkPlace.


of 67

Creating the Virtual Directory – Windows 2003

Open the Internet Information Services (IIS) by navigating to Start Settings Control Panel

Administrative Tools Internet Information Services (IIS) Manager. Once open right mouse click on

Applications Pools and select New and then Application Pool…

On the Add New Application Pool screen enter a name for the pool such as “WorkPlace”. Leave the “Use default settings for new application pool” checked and click OK

Now that the Application Pool is created we need to create the Virtual Directory for WorkPlace and tie it to

this newly created Application Pool. To create the Virtual Directory right mouse click on the Web Site that is to

contain the Virtual Directory, in this example we are putting it on the Default Web Site. Select New and then

Virtual Directory…


of 67

The Virtual Directory Creation Wizard will now appear, click Next to configure the Virtual Directory. Now

enter the Alias for WorkPlace, in our example we defined this as WorkPlace (this alias is how WorkPlace will be

accessed from the web browser). Click Next to continue.


of 67

Now enter the folder where the WorkPlace web objects were installed, the default installation folder

“C:\Program Files (x86)\WorkPlace”. After this information is entered click Next.

From the Virtual Directory Creation Wizard select “Read” and “Run scripts (such as ASP)” and click Next.

The Virtual Directory is now created, click Finish.


of 67

Now we need to tie the Application Pool to the Virtual Directory. Right mouse click on the WorkPlace Virtual

Directory and select Properties.

From the Properties window select the Application pool that we created in step 2.

WorkPlace is now configured for access. To test out access simply open a web browser and type in the url for

the web browser machine name along with the Application folder that we just configured, i.e.,

http://mywebserver/WorkPlace.


of 67

Part 4: Additional System Configuration

Chapter 14: Session User Setup

In order for WorkPlace to maintain state between web pages a user defined connection string is available in the

web.config to direct WorkPlace to the proper SQL Server along with account information to access to the state

database tables.

It is recommended to use a special SQL user account for session management, if using the NT authentication

model you have the option of using pass-through for this setting. Even under the NT authentication model It is

still recommended to use a SQL account for access.

Configuring using SQL Account

1. Create the SQL session user account in SQL Server and set the default database to “PTIMaster” and fromwithin “PTIMaster” give this SQL user account full control on the “PTINETSessionHdr” and “PTINETSessionDtl”tables.

2. Open the web.config and specify this user account and the SQL Server name that holds the “PTIMaster”database. The section that holds this information is the “SessionSQLConnectionString”.

<add key="SessionSQLConnectionString" value="Password=J*&%$@12;Persist Security Info=false;User

ID=PTINETSessionUser;Initial Catalog=PTIMaster;Max Pool Size=500;Data Source=sqlserver\instance1"/>

Configuring using NT Pass-through

Configure an Active Directory group for use with WorkPlace and then add all users that will access WorkPlace

to this group. Now on the SQL Server add this group and set the default database to “PTIMaster” and from within “PTIMaster” give the group full control on the “PTINETSessionHdr” and “PTINETSessionDtl” tables.

Open the web.config and use the connection string specified below and specify the SQL Server name that

holds the “PTIMaster” database. The section that holds this information is the “SessionSQLConnectionString”.

<add key="SessionSQLConnectionString" value=" Integrated Security=SSPI;Persist Security Info=False;Initial

Catalog=PTIMaster;Max Pool Size=500;Data Source=sqlserver\instance1"/>

Chapter 15: Specifying SQL Server Housing Company Databases

The SQL Server housing the company databases for WorkPlace must be specified in the web.config. Simply open

the web.config and find the section “ServerName” and set the value to your SQL Server’s name and instance.

<add key="ServerName" value="sqlserver\instance1”/>

Chapter 16: Configuring User Authentication

There are seven user authentication options available; following will list each option and the required setup for

each.

SSO – Single Sign On Authentication

Third party authentication (Windows Live, Google, ADFS and custom providers) is used to access the WorkPlace

web site and is subsequently linked to a valid WorkPlace User account based on the users email address. Under

this security model all WorkPlace User Names must be the users valid email account. Since the SSO only

authenticates the user to WorkPlace, WorkPlace requires the Shared SQL account to be setup and configured – this

account is used for all database access.

1. Specify SSO in the web.config section “ServerAuthenticationType”.


of 67

<add key="ServerAuthenticationType" value="SSO"/>

Uncomment the 3 sections in the web.config within the blocks: SSO Config Section 1, SSO Config Section 2 and

SSO Config Section 3.

In the SSO Config Section 1 there are a few settings that need to be filled in based on your SSO setup – see

them highlighted below. Replace the value http://localhost/workplace/ with a valid external URL for access to

WorkPlace, this value will also be specified as the Relying Party Application in the SSO Access Control Service

(this is outside of WorkPlace and in some instances will be obtained from Azure Access Control Services). The

next value we need to specify is the certificate information for the Token Signing Certificate, this will be

specified in the trusedIssuers section and in our example is obtained from the Azure Access Control Service ->

Service Settings -> Certificate and Keys meu option. Finally we need to set the issuer and the realm, the ream

will be already be set from a prior setup, the issuer comes PassiveRequestorEndpoint->Address element from

the WS-Federation Metadata file (see screen shots below for examples). … <system.identityModel>

<identityConfiguration>

<audienceUris>

<add value="http://localhost/workplace/"/>

</audienceUris>

<issuerNameRegistry

type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry,

System.IdentityModel, Version=4.0.0.0, Culture=neutral,

PublicKeyToken=b77a5c561934e089">

<trustedIssuers>

<add thumbprint="A39AE26FADEEB1C9F0E618727570D776DB97DF15"

name="pticorp.accesscontrol.windows.net" />

</trustedIssuers>

</issuerNameRegistry>

<certificateValidation certificateValidationMode="None"/>

</identityConfiguration>

</system.identityModel>

<system.identityModel.services>

<federationConfiguration>

<cookieHandler requireSsl="false"/>

<wsFederation passiveRedirectEnabled="true"

issuer="https://pticorp.accesscontrol.windows.net/v2/wsfederation"

realm="http://localhost/workplace/" requireHttps="false"/>

</federationConfiguration>

</system.identityModel.services>

…

WINDOWS AZURE RELYING PARTY APPLICATION SETUP

http://localhost/workplace/


of 67

AZURE ACCESS CONTROL SERVICE TOKEN SIGNING CERTIFICATE AND KEY


of 67

AZURE WS-FEDERATION METADATA URL DOWNLOAD LINK


of 67

AZURE FEDERATIONMETADATA.XML

If using a SSO Identity Provider other than Windows Live or ADFS you will need to specify the claim type used

to define the unique attribute for the authenticated user. This value goes into the SSOClaimType4UniqueID

section in the web.config. For multiple Identify Providers simply specify the additional claim types with semi-

colon delimeter.

DEFAULT ENTRY IN WEB.CONFIG FOR WINDOW LIVE AND ADFS <add key="SSOClaimType4UniqueID"

value="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier;http://schemas.m

icrosoft.com/ws/2008/06/identity/claims/windowsaccountname"/>

When using the WorkPlace Agent or the WorkPlace OTG Server it is recommended (not required) to restrict

the IP access as these two pages fall outside of the SSO authentication process. The IP address for the

WorkPlace Agent should be the IP Address where the WP Agent Service or .EXE is being run. The IP address for

the WP OTG Server should be the IP address that is hosting the WP OTG Server web site.

Since all Database Access is being done by the shared user account we need to configure that now by setting

up a SQL user account for ALL backend queries to run under.

Give the SQL user account permission to the PTIMaster, all Control databases (example: DYNAMICS), and to

ALL Company databases that WorkPlace is installed to. Within each of these databases give the user access to

the PTIWorkPlaceAdmin role.

Specify the SQL user account in the web.config in the “SharedUserName” section.

<add key="SharedUserName" value="WPSharedUser"/>

Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to

specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 8, otherwise the setup is complete at this point.

<add key="SharedPasswordClear" value="shareduserpassword"/>

To encrypt the password you can encrypt it using the WPEncrypt.exe utility which is in your web folder in the

WPEncrypt folder. To use this utility simply go to a command line and type the following, replace the value

with the SQL user accounts password and type anything you wish into the key value. Once run you get the

encrypted password outputted to the screen and there is also a Encrypted.txt file that is generated with the

encrypted password.

WPEncrypt.exe value=" shareduserpassword" key="cookiejar"


of 67

Copy the value outputted from previous step into the “SharedPasswordEncrypted” section, also specify the key used in the “SharedPasswordEncryptedKey” section.

<add key="SharedPasswordEncrypted"

value="eynIXqZGgFjiEibiHg5aA/x/gYfu3fvu9K/xGDMl+QJfKJh2rCTHLYhQjxGSIjsm"/>

<add key="SharedPasswordEncryptKey" value="cookiejar"/>

SQL Authentication

SQL Name and Password are used and are passed directly through to the SQL Server. This requires the user to be

setup on the SQL server as a physical user and the user must have access to all databases that WorkPlace requires

access. It is recommended that the SQL password encryption option is enabled in WorkPlace when using this

method. Since the users have access to the databases a user could use excel or other connectable applications to

access WorkPlace data if non-encrypted passwords are allowed.

Specify SQL in the web.config section “ServerAuthenticationType”.

<add key="ServerAuthenticationType" value="SQL"/>

When using SQL 2005 or greater WorkPlace can honor the SQL Server Password policies by enabled the

“EnforceSQLPasswordPolicyAndExpiration” section in the web.config.

<add key="EnforceSQLPasswordPolicyAndExpiration" value="ON"/>

In order to encrypt the SQL passwords when “EnforceSQLPasswordPolicyAndExpiration” is on the setting “EnforceSQLPasswordEncryption” must also be set to “ON”

<add key="EnforceSQLPasswordEncryption" value="ON"/>

To enable users to change their SQL passwords from within WorkPlace set the “ChangePassword” setting in the web.config to “ON”

<add key="ChangePassword" value="ON"/>

SQLSHARED Authentication

SQL Name and Password for authentication only. All backend SQL operations are performed using a shared SQL

user account. This method secures access to the physical database as the user account does not have access to

any of the physical databases. This method is ideal in environments where other SQL applications are used and a

shared SQL name and password are desired.

Specify SQLSHARED in the web.config section “ServerAuthenticationType”.


of 67

<add key="ServerAuthenticationType" value="SQLSHARED"/>

Configure a SQL user account as the account that ALL backend queries will be run under.






Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to

encrypt the password go to step 6, otherwise the setup is complete at this point.






encrypted password.


Copy the value outputted from Step 6 into the “SharedPasswordEncrypted” section, also specify the key used

in the “SharedPasswordEncryptedKey” section.




When using SQL 2005 or greater WorkPlace can honor the SQL Server Password policies by enabled the

“EnforceSQLPasswordPolicyAndExpiration” section in the web.config.

<add key="EnforceSQLPasswordPolicyAndExpiration" value="ON"/>

In order to encrypt the SQL passwords when “EnforceSQLPasswordPolicyAndExpiration” is on the setting “EnforceSQLPasswordEncryption” must also be set to “ON”

<add key="EnforceSQLPasswordEncryption" value="ON"/>

To enable users to change their SQL passwords from within WorkPlace set the “ChangePassword” setting in the web.config to “ON”


of 67

<add key="ChangePassword" value="ON"/>

Active Directory / NT Authentication

The Active Directory user name that the user logged into Windows with (Integrated Authentication) or the Active

Directory user that was entered on the Basic Authentication window (Non-Integrated Authentication) is simply

passed through to the SQL Server. This method as well as the SQL option both have the same drawbacks in that

the user could use an external application to get access to the SQL databases unless a firewall is enabled. This

method also suffers from the Double-Hop syndrome whereas the SQL Server, Web Server and Client machines

must all be enabled for delegation at the Active Directory level as standard Kerberos authentication does not allow

the client browser to authenticate to the web server and then allow the web server to impersonate the credentials

to the SQL server.

Specify NT in the web.config section “ServerAuthenticationType”.

<add key="ServerAuthenticationType" value="NT"/>

Set the “authentication” mode to “Windows” in the web.config

<authentication mode="Windows"/>

Set the “identity” impersonate to “true” in the web.config

<identity impersonate="true"/>

Remove the Anonymous access from the Application Folder / Virtual Directory and check the Basic or

Windows/Integrated authentication checkboxes.

Windows 2008 Screen Shot


to this group. Now on the SQL Server add this group and give this group permission to the PTIMaster, all

Control databases (example: DYNAMICS), and to ALL Company databases that WorkPlace is installed to.

Within each of these databases give the group access to the PTIWorkPlaceAdmin role.

Configure the Windows Management Instrumentation (WMI) Control. From the Web Server go to Start

Control Panel Administrative Tools Computer Management. Open the Service and Applications group.

Right-click on the WMI Control and select Properties.


of 67

Go to the Security tab and open the Root group and then highlight the CIMV2 folder and click the Security

button.

Add your Active Directory group. Check both the ‘Enable Account’ and ‘Remote Enable’ in the lower ‘Permissions’ pane. Click Advanced and highlight the group you just added. Click Edit. In the ‘Apply onto’ drop-

down, change the setting to "This namespace and subnamespaces". Click ‘OK’ on all the open dialogs to complete.

Reboot the Web Server to invoke changes.

Active Directory / NTSHARED Authentication

The Active Directory user name that the user logged into Windows with (Integrated Authentication) or the Active

Directory user that was entered on the Basic Authentication window (Non-Integrated Authentication) is used to

identify the user to WorkPlace. The SQL backend operations are all performed using a shared SQL account. This

method is the preferred model in larger organizations as the user cannot access the databases via external

applications and all password and account management is at the Active Directory level. This option also eliminates

the double-hop issue with Active Directory.

Specify NTSHARED in the web.config section “ServerAuthenticationType”.

<add key="ServerAuthenticationType" value="NTSHARED"/>

Set the “authentication” mode to “Windows” in the web.config


of 67

<authentication mode="Windows"/>

Set the “identity” impersonate to “true” in the web.config

<identity impersonate="true"/>

Set the "SessionSQLConnectionString" using SQL Account. See Chapter 13: Session User Setup - Configuring

using SQL Account.







Specify the Shared SQL user account’s password. There are two options at this point. The simplest is to specify the password in a clear form and type it into the “SharedPasswordClear” section. If you prefer to encrypt the password go to step 6, otherwise the setup is complete at this point.






encrypted password.






Remove the Anonymous access from the Application Folder / Virtual Directory and check the Basic or

Windows/Integrated authentication checkboxes.


of 67

Windows 2008 Screen Shot


to this group.

Configure the Windows Management Instrumentation (WMI) Control. From the Web Server go to Start

Control Panel Administrative Tools Computer Management. Open the Service and Applications group.

Right-click on the WMI Control and select Properties.

Go to the Security tab and open the Root group and then highlight the CIMV2 folder and click the Security

button.

Add your Active Directory group. Check both the ‘Enable Account’ and ‘Remote Enable’ in the lower ‘Permissions’ pane. Click Advanced and highlight the group you just added. Click Edit. In the ‘Apply onto’ drop-


of 67

down, change the setting to "This namespace and subnamespaces". Click ‘OK’ on all the open dialogs to complete.

Reboot the Web Server to invoke changes.

Forms Authentication

The Active Directory user name that the user logged into Windows with is used to authenticate against the

WorkPlace Web Server using IIS Forms Authentication. Once authenticated against the web site, the user’s credentials are passed to the WorkPlace solution which will authenticate against the application level security. All

SQL backend operations are all performed using a shared SQL account. This method is a preferred model in larger

organizations as the user cannot access the databases via external applications and all password and account

management is at the Active Directory level. This option also eliminates the double-hop issue with Active

Directory.

Specify FORMS in the web.config section “ServerAuthenticationType”.

<add key="ServerAuthenticationType" value="FORMS"/>

Set the “authentication” mode to “Forms” in the web.config

<authentication mode="Forms"/>

Set the "SessionSQLConnectionString" using SQL Account. See Chapter 13: Session User Setup - Configuring

using SQL Account.














encrypted password.


of 67





There are 3 additional sections in the web.config file specific to FORM Configuration. Each begins with “START: FORM” and will need to be uncommenting and updated as outlined below.

Update FORM Config Section 1 with the customer specific Active Director Connection String.





<location path="Central/LoginAction.aspx">

<system.web>

<authorization>

<allow users="*"/>

</authorization>

</system.web>

</location>

<location path="Central/WPAgent.aspx">

<system.web>

<authorization>

<allow users="*"/>

</authorization>

</system.web>

</location>

<location path="OTG/OTGMain.asmx">

<system.web>

<authorization>

<allow users="*"/>

</authorization>

</system.web>

</location>

<connectionStrings>

<add name="ADConnectionString"

connectionString="LDAP://domain.mycompany.com/CN=Users,DC=domain,DC=mycompany,DC=com"/

>

</connectionStrings>

of 67

Update FORM Config Section 2 with the AttributeMapUIsername which will be one of 2 options;

sAMAccountName: The active Directory ‘User Logon Name’ (pre-Windows 2000) with no domain

which would be used as the Login Name in WorkPlace Security (i.e. aduser).

userPrincipalName: The active directory ‘User Logon Name’ with the domain email which would be

used as the Login Name in WorkPlace Security (i.e. [email protected]).


<authorization>

<deny users="?"/>

<allow users="*"/>

</authorization>

<membership defaultProvider="MyADMembershipProvider">

<providers>

<!--attributeMapUsername values: "sAMAccountName" which would be the

account name such as jsmith, and "userPrincipalName" which is

would be UserName@DomainName or

[email protected]>

<add name="MyADMembershipProvider"

type="System.Web.Security.ActiveDirectoryMembershipProvider,

System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

connectionStringName="ADConnectionString"

attributeMapUsername="sAMAccountName"

/>

</providers>

</membership>


Update FORM Config Section 3 by removing the comment tags to appear as below. No other updates are

required.


<forms name=".ADAuthCookie" timeout="10" loginUrl="~/Central/Login.aspx"

defaultUrl="~/"/>


Update the WorkPlace Application Folder / Virtual Directory to enable Anonymous and Forms Authentication.

All other settings should be disabled.


of 67

Application Authentication

User accounts and passwords are managed by WorkPlace exclusively and all SQL backend operations are

performed using a shared user account. Under this option the user names are the email addresses of the user.

The key benefit with this method is that if users forget their passwords they can simply click a “forgot password” button on the logon page and reset their own passwords. This method is ideal for environments where account

management at the SQL or NT level is not ideal or empowering the user to manage their own password cuts

administrative overhead.

Specify APP in the web.config section “ServerAuthenticationType”.

<add key="ServerAuthenticationType" value="APP"/>














encrypted password.


Chapter 17: Administrative User

The administrative user defined in the web.config will grant access to WorkPlace even if the user is not configured

in WorkPlace. This user does not go against the licensed user account and allows limited access to certain

WorkPlace functions such as Security and Setting Settings.


of 67

Specify the administrative users login name in the web.config section “AdministrativeUser”. For Active Directory specify the domain prefix.

<add key="AdministrativeUser" value="mydomain\jsmith"/>

SSO Setup

To initially get into WorkPlace with SSO enabled you have to do one of two things. One you can setup WorkPlace

for another authentication method and then configure the WorkPlace user account and setup the default SMTP

server settings. Then flip the authentication over to SSO and then follow the dialogs to assication your SSO account

with WorkPlace. The other method involves manually setting up this account which is detailed below.

1. Navigate manually to http://www.mydomain/WorkPlace/Central/SSOInfo.aspx (replace the domain

and folder with your valid specific values). From this page you get the value for the unique identifier

and the identity provider.

SSOINFO.ASPX

2. Use the values from step 1 and insert a manual record with this information into the PTISecuritySSO

table that is within the PTIMaster database.

INSERT INTO PTISecuritySSO (idfEmail,idfFlagActivated,idfIdentityProvider,idfIdentityUniqueID)

VALUES ('[email protected]',1,'uri:WindowsLiveID','8tsPDrj9x8nhfjbi0qkYvF0zBqXsZ0+i7bjo6L9FVl8=')

Chapter 18: Crystal Report SQL User Account

If using Active Directory / NT Pass-through or are using any options in the

SQLPasswordEncryptionExtendedSupport setting such as “GRPCONNECT” then the following steps will need to be

performed.

Configure a SQL user account for running the Crystal Reports queries.



the PTIWorkPlaceRFQVndAccess role.

Update the web.config settings “ReportUserName” and “ReportPassword” with the SQL user account that was just configured.

<add key="ReportUserName" value="WPCrystalUser"/>

<add key="ReportPassword" value="7803*&#@"/>

http://www.mydomain/WorkPlace/Central/SSOInfo.aspx


of 67

Chapter 19: RFQ Vendor User

If licensed for Request for Quote then a SQL user account will need to be created for the RFQ module to process

responses from outside vendors.

Configure a SQL user account.



the PTIWorkPlaceUser role.

Update the web.config settings “VendorUserName” and “VendorPassword” with the SQL user account that was just configured.

<add key="VendorUserName " value="WPVendorUser"/>

<add key="VendorPassword " value="7803*&#@"/>

Chapter 20: Date Format

The date format that is used in WorkPlace can be changed in the web.config. Once changed all display and input

fields will use this format.

To change the date format edit the “DateFormat” section of the web.config.

<add key="DateFormat" value="MM/dd/yyyy"/>

Format Option Example

MM/dd/yyyy 01/12/2015

yyyy.MM.dd 2015.12.01

dd/MM/yyyy 12/01/2015

dd.MM.yyyy 12.01.2015

dd-MM-yyyy 12.01.2015

MM-dd-yyyy 01-12-2015

yyyy/MM/dd 2015/01/12

Chapter 21: Session Timeout

The amount of inactivity allowed before a user has to re-login is controlled by the “SessionTimeout” setting in the web.config. The default time is 60 minutes.

To modify the timeout simply edit the “SessionTimeout” web.config setting and change to the specified amount of minutes.

<add key="SessionTimeout" value="60"/>

Chapter 22: Language Engine

If the Language Engine has been purchased and licensed the following setup needs to be performed.

Configure a SQL user account that will be used to access the Language Resource tables.


of 67

Set the Default Database of the SQL user account to be one of the companies that WorkPlace is installed

against. This is important as the Default Database on the Language User Account tells WorkPlace where the

Language Resource tables are.

Give the SQL user account permission to the PTIMaster and to the Company database. Within each of these

databases give the user access to the PTIWorkPlaceLanguageAccess role.

Specify the SQL Language user name and password in the web.config

<add key="LanguageUserName" value="WPLanguageUser"/>

<add key="LanguagePassword" value="pass@word1"/>

The default language used by WorkPlace can be specified in the “Language” section of the web.config.

<add key="Language" value="English"/>

Chapter 23: Web Server Folder Security

Within the web objects folder on the web server there are a three folders that WorkPlace needs full privileges on.

Those folders are the Attachments, ReportExports, and DynamicFiles.

1. Using Explorer, Navigate to the WorkPlace web server folder created during installation (Unless changed

during install, default location is C:\Program Files (86)\WorkPlace).

2. Navigate to the WorkPlace\Central\Attachments folder

3. Right-mouse click on the Attachments Folder Sharing and Security

4. Select the SECURITY Tab

5. Select the appropriate user account/group

a. If using SQL, SQLSHARED, or APP Authentication: Select the User Account that the Application

Pool is running under.

b. If using NT or NTSHARED: Select the WorkPlace users Active Directory Group

6. Allow READ, WRITE and MODIFY Permissions for this account

7. Select OK to save your changes and close the Security Properties Window

8. Repeat Step 1 through 7 for the Central\ReportExports folder

9. Repeat Step 1 through 7 for the Central\DynamicFiles folder

10. Repeat Step 1 through 7 for the C:\Windows\Temp folder

Part 5: Logging into WorkPlace

Chapter 24: Your WorkPlace URL

Open Internet Explorer and enter the address of your WorkPlace Application

Your URL will look like this:

http://<Web server machine name>/<IIS virtual directory name>

For Example:

Web Server Name = Neptune; Virtual Directory Name = WorkPlace


of 67

You would type in: Http://NEPTUNE/WORKPLACE

- OR -

Example: Web Server IP address = 120.120.120.118; Virtual Directory = WorkPlace

You would type in: Http://120.120.120.118/WORKPLACE

When you successfully launch WorkPlace from your browser, you will reach a login screen where you will need to

enter some or all of the following information:

Username

Password

Company Name

Option to change Password

The information required/available on the login screen is primarily determined by the Authentication mode that

you have configured to validate users and passwords.

The option to allow users to change their own passwords is available only in SQL

Authentication mode. This feature can be activated by modifying the Web.config file.

http://neptune/WORKPLACE

http://120.120.120.118/WORKPLACE


of 67

Appendix A: WP Agent Utility

The Agent program (typically c:\program files\WorkPlace\wpagent\WPAgent.exe) is a stand alone executable

program that calls a special web page (WPAgent.aspx) on a regular schedule. When called, the web page checks

for two types of situations as explained in the “uses” section below, and if found and launches the appropriate routines. The frequency the agent program calls the web page is scheduled on the web server using a command

line ‘AT’ command or by using ‘Scheduled Tasks’ in Control Panel.

Uses

1) When WorkPlace is installed with an EAIC, the WP Agent can be used to automatically update WorkPlace

application tables based on any modifications that have been made by by the application connected via the EAIC.

2) Also, this utility can be used to automatically send out an “Approval Tickler” email from the standard WorkPlaceemail engine. Reminder emails can be sent by the agent program when transactions (i.e.: Requisitions, Invoices,

Timesheets, Expense Sheets) have been submitted for approval, but have not yet been loaded into an approval

session.

Configuration

ACTIVATE

The WP Agent Program must be activated within the WorkPlace application System Settings page. To do so, simply

fill in a value for “Elapsed Hours” setting on the General Tab. The minimum number of hours is one, and fractional hours are not valid. The WP Agent Program is activated and configured per individual company. Each company

can have a different number of ‘elapsed hours’ specified in its WorkPlace System Settings.

ASSIGN A USER

SQL Authentication: select or create a user in SQL Server that is a member of the PTIWorkPlaceUser Role in all

Company DB(s), PTIMaster, and the Financial Application Control Database.

NT Authentication: select or create a user that is also a member of the NT Group for WorkPlace users.

CREATE COMMAND

Configure a command to launch the Agent program using ‘Scheduled Tasks’ in Control Panel or a command line ‘AT’ command. For example:

WPAgent.exe url="http://127.0.0.1/WorkPlace/Central/WPAgent.aspx" user="wpagent" password="wppass"

NOTE: The user information entered on the ‘Scheduled Task” Windows form can be any valid windows user on the web server. This user is separate and can be different from the

user information listed in your WPAgent command line.

Required Command Parameters (parameter names must be in lower case)

[url] This must point to the location of WPAgent.aspx within your virtual

folder you have configured for WorkPlace.

[user] The SQL Server/NT User Name.


of 67

[password] The password for the User above.

[domain] NT Authentication ONLY: the User account’s network domain name.

Optional Command Parameters (parameters in lower case, ON/SCREEN in upper case)

[debug] ON: Output will be written to a file called WPAgentLog.txt in the

path specified in [path], if no path is specified, C:\ will be used.

SCREEN: Output will be written to the console screen exclusively.

[path] This is the path where the WPAgentLog.txt will be created.


of 67

Appendix B: Notes on upgrading

Upgrading from Previous WorkPlace Versions

Previous versions of WorkPlace ran on the .NET 2.0 (before version 11) and .NET 4 (after version 11) framework as

was limited to 32 bit mode only. WorkPlace 2015 is built on the .NET 4.5.2 framework and the System

Requirements within this document should be consulted prior to upgrading.

Install the Microsoft Framework 4.5.2 version.

Install the new Crystal Reports.NET v13.0.5.891, either the 32bit or 64bit depending on OS.

If using the Dynamic GP 9, 10, 11+ encryption refer Appendix D: Dynamics GP Users as there are changes in

how this is setup.

SQL password encryption was changed with WorkPlace version 11 to a new encryption engine as the old

engine only supported 32 bit operation. If you wish to continue to use the old password encryption you can

enable the old encryption library by setting the web.config setting “SQLClassicEncryptionEnabled” to “ON”

<add key="SQLClassicEncryptionEnabled" value="ON"/>

If not on GP 8 or earlier or you want to run in native 64 bit mode then the “SQLClassicEncryptionEnabled” cannot be set to “ON” and all the WorkPlace SQL user accounts will have to have their SQL passwords reset. This can be done manually by the WorkPlace admin or there is a built in stored procedure than can be run in

the WorkPlace company database to set all the SQL accounts to a common password along with forcing the

users to change their password on logon. The stored procedure to execute is spPTISQLResetPasswordAll, it

takes one parameter which is the default password that all users will be set to. The default password is

“wppass”

EXEC spPTISQLResetPasswordAll

General Notes

Upgrading WorkPlace generally has fewer steps than a fresh “production” installation because most of the work was already done during your original install. For all upgrades:

When preparing to request your new license, you can generate the License Information File from within

WorkPlace on the System Settings General tab.

Unless you have a specific reason (i.e. instructed to by the release notes) you need not re-install the

Optional Window components.

Select “Upgrade” instead of production when installing SQL Objects. After installing Web Objects you can simply copy your backup web.config file into the Web-server

main installation folder to restore your custom settings.

Also, copy any modified reports from the web server as you will need to copy these back in after the

upgrade.

Most likely, you will be able to launch WorkPlace without modifying settings in your operating

environment (i.e. IIS Manager, SQL Server, and Security Settings on the Web-server installation

folder.)

There are two main types of upgrades, and the process varies between the two:

Upgrading to a new version of WorkPlace

Download the new version of WorkPlace from the Customer Area website. Unzip on your Web-

server and double-click Setup.exe to launch.

Using the WorkPlace Installation Wizard, Install both Web Objects and SQL Objects.


of 67

When Installing SQL Objects, on the page where you identify your Financial Application version, check

to make sure the version of WorkPlace listed in the header of the popup window is the version

number you expect.

Select all of the same settings from your last install when installing your new objects EXCEPT:

Select “Upgrade” instead of production when installing SQL Objects

Adding a new Interface to your current WorkPlace version

Don’t run the WorkPlace installation Wizard! Instead, go to the Windows Start Menu on your Web-

server and run SQL Installer .NET to install your WorkPlace SQL Objects (this is more efficient and

saves time.)

When Installing SQL Objects, on the page where you identify your Financial Application version, check

to make sure the version of WorkPlace listed in the header of the popup window is the version

number you expect.

Select all of the same settings from your last install when installing your new objects EXCEPT:

Select “Upgrade” instead of production when installing SQL Objects, and Select the checkbox to install the NEW INTERFACE that has caused you to upgrade.


of 67

Appendix C: Un-Installing WorkPlace

Remove the installed Web Objects

Delete the folder from where you originally installed the WorkPlace web objects. Once removed open Internet

Information Services and remove the application/virtual folder that was created for WorkPlace. Also, remove the

Application Pool.

Removing the installed SQL Databases

During the SQL objects installation process, tables, triggers, stored procedures and views were installed to the

Control database and Company database(s). To remove these objects email

[email protected] for additional information. Also, there is another shared database called

PTIMaster that should be removed only if WorkPlace is being removed from ALL Companies on the associated SQL

Server.

Removing the installed Optional Windows Components

These optional Windows Components can be removed using the standard Add/Remove programs feature included

with Windows.

of 67

Appendix D: Dynamics GP Users

General Considerations

User logins (SQL Users) created via Dynamics GP (Setup System User) can be registered within

WorkPlace Security to permit that same user name and password login access to WorkPlace.

If desired, User logins can be created in GP WITHOUT a class id attached, which will permit login

access to WorkPlace without enabling access to any Great Plains module.

WorkPlace supports ENCRYPTED passwords. See below for details.

Supporting GP 9+ Password encryption

Configuration

When using SQL Authentication for WorkPlace and some Dynamics GP 9+ Users are also WorkPlace Users, the

following settings must be made to support Password Encryption for Great Plains User accounts.

Create an ODBC DSN on the web server. From the Windows Start Menu on your web server, go to

Administrative Tools, Data Sources (ODBC) and select the System DSN tab to check for a connection to your

SQL Server. If the required DSN connection does not exist, you can simply ADD it. Be sure to set up the DSN

using SQL Authentication and otherwise use the default settings offered. . A ‘Help’ button is available on the

ADD DSN pages for further information.

In order for Reports to run properly the Report User name must be setup in the web.config. See the Crystal

Report SQL User Account section in this guide.

Configure the “SQLPasswordEncryptionExtendedSupport” section of the Web.Config settings, replace the

value dsn shown below with the name of the DSN connection from your web server to your SQL Server:



<add key="SQLPasswordEncryptionExtendedSupport" value="GRPCONNECT;dsn"></add>

Install and install the Microsoft Framework .NET 3.5 SP1 which is required by the Dynamics GP encryption

library.

Copy the appropriate GPConnNet.dll file from the Web objects FinancialPlatform\DynamicsGP\GPConnNet

folder that you installed on the web server to the WorkPlace bin\ folder. There is a 32Bit and 64Bit folder in

the FinancialPlatform\DynamicsGP\GPConnNet folder. Select the proper one for the OS that is running

WorkPlace.

Supporting GP 8 and earlier Password encryption

Configuration

When using SQL Authentication for WorkPlace and some Dynamics GP 8 and earlier Users are also WorkPlace

Users, the following settings must be made to support Password Encryption for Great Plains User accounts.

Due to limitations with the Dynamics GP libraries the web virtual/application folder must be running in 32 bit

as 64 bit is not supported.

Edit the web.config and set the “SQLClassicEncryptionEnabled” setting to “ON”.

<add key="SQLClassicEncryptionEnabled" value="ON"/>


of 67

Functionality

USER INITIATED PW CHANGES

Due to restrictions with Dynamics GP 9+’s password encryption, certain User’s are no longer allowed to change their password on the WorkPlace login page. If a user’s account was created in Dynamics GP 9+ and they attempt

to use the “Change Password” feature on the WorkPlace login page, the following message will be displayed: “Password must be set in Dynamics GP 9+.”

However, users can change their own password in Dynamics GP 9+ at:

(Tools Setup User Preferences Password button.) Afterwards, the User must re-login to Great Plains with

the new password before they will be allowed to login to WorkPlace with new password.

PW CHANGES FROM WORKPLACE SECURITY

If a user’s account was created in Dynamics GP 9+ and their password is changed from the WorkPlace Security

page, the User will no longer be able to launch Dynamics and login with the old password.

Upon their next new Dynamics GP 9+ session, they must login with the new password set in WorkPlace and will

then be prompted to change their password. At this point, it is recommended that the user enter the same PW

that was just set in WP Security for all values. However, any new PW they set at this time will then be valid for

both Dynamics and WorkPlace going forward.

INTERACTIONS WITH WORKPLACE PW ENCRYPTION

WorkPlace also has an encryption feature which is primarily intended to provide enhanced security on SQL user

accounts that are created in WorkPlace and do not have login access to Dynamics GP. WorkPlace encryption can

be activated from Maintenance System Settings by checking the “Encrypt SQL Password” option.

BE AWARE: If a user’s account was created in Dynamics GP 9+ and WorkPlace encryption is not active, if their

password is changed from the WorkPlace Security page that user will then have the ability to login to other SQL

based applications. However, upon the user’s next login to Dynamics, when they are prompted to change passwords, the GP 9+ SQL encryption will be restored.


of 67

Appendix E: Encrypting the Web.Config

The web.config can hold some sensitive information such as special user names and password for session

management, report execution and language management to name a few. In order to secure this information .NET

provides a build in encryption routine for the web.config. Following are excerpts from the Microsoft .NET

documentation on performing this activity.

Encrypting Web.Config

To encrypt the WorkPlace appSettings inside the web.config simply run this command. Make sure when you run

this command that is from the Administrators level command prompt. Also make sure you are using the proper

.NET framework folder for your version that WorkPlace is running under and that you specify the proper virtual

folder that WorkPlace is using.

Example:

C:\>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pe "appSettings" -app "/WorkPlace"

Decrypting Web.Config

To decrypt the WorkPlace appSettings inside the web.config simply run the same command as we did to encrypt

but we will use the –pd command versus the –pe. Make sure when you run this command that is from the

Administrators level command prompt. Also make sure you are using the proper .NET framework folder for your

version that WorkPlace is running under and that you specify the proper virtual folder that WorkPlace is using.

Example:

C:\>C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -pd "appSettings" -app "/WorkPlace"

Microsoft Documentation for Encrypting and Decrypting Configuration Sections

Information Obtained from Microsoft Article: https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx

You can use the ASP.NET IIS Registration Tool (Aspnet_regiis.exe) to encrypt or decrypt sections of a Web

configuration file. ASP.NET will automatically decrypt encrypted configuration elements when the Web.config file

is processed.

NOTE: The Aspnet_regiis.exe tool is located in the %windows%\Microsoft.NET\Framework\versionNumber folder.

You can also use the protected configuration classes in the System.Configuration namespace to encrypt and

decrypt sections of a Web configuration file, sections of a configuration file for an executable (.exe), or sections in

the machine-level and application-level configuration files. For more information, see the ProtectSection method

of the SectionInformation class. For information on referencing a section of a Web.config file, see the

WebConfigurationManager class. For information on referencing configuration sections of files other than the

Web.config file, see the ConfigurationManager class.

Encrypting a Web Configuration Section

To encrypt configuration file contents, use the Aspnet_regiis.exe tool with the –pe option and the name of the

configuration element to be encrypted.

Use the –app option to identify the application for which the Web.config file will be encrypted and the -site option

to identify which Web site the application is a part of. The Web site is identified using the site number from the

Internet Information Services (IIS) metabase. You can retrieve the site number from the INSTANCE_META_PATH

server variable in the ServerVariables collection. For example, when IIS is installed, a Web site named "Default

https://msdn.microsoft.com/en-us/library/zhhddkxy.aspx

https://msdn.microsoft.com/en-us/library/system.configuration.aspx

https://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.protectsection.aspx

https://msdn.microsoft.com/en-us/library/system.configuration.sectioninformation.aspx

https://msdn.microsoft.com/en-us/library/system.web.configuration.webconfigurationmanager.aspx

https://msdn.microsoft.com/en-us/library/system.configuration.configurationmanager.aspx

https://msdn.microsoft.com/en-us/library/system.web.httprequest.servervariables.aspx


of 67

Web Site" is created as site 1. In pages served from that site, the INSTANCE_META_PATH server variable returns

"/LM/W3SVC/1". If you do not specify a -site option, site 1 is used.

Use the –prov option to identify the name of the ProtectedConfigurationProvider that will perform the encryption

and decryption. If you do not specify a provider using the -prov option, the provider configured as

thedefaultProvider is used.

NOTE: If you are using an RsaProtectedConfigurationProvider instance that specifies a custom key container, you

must create the key container before running the Aspnet_regiis.exe tool. For more information, see Importing and

Exporting Protected Configuration RSA Key Containers.

The following command encrypts the connectionStrings element in the Web.config file for the application

SampleApplication. Because no -site option is included, the application is assumed to be from Web site 1 (most

commonly Default Web Site in IIS). The encryption is performed using the RsaProtectedConfigurationProvider

specified in the machine configuration.

aspnet_regiis -pe "connectionStrings" -app "/SampleApplication" -prov "RsaProtectedConfigurationProvider"

When a page or other ASP.NET resource in the application is requested, ASP.NET calls the provider for the

protected configuration section to decrypt the information for use by ASP.NET and your application code.

NOTE: To decrypt and encrypt a section of the Web.config file, the ASP.NET process must have permission to read

the appropriate encryption key information. For more information, see Importing and Exporting Protected

Configuration RSA Key Containers.

Decrypting a Web Configuration Section

To decrypt encrypted configuration file contents, you use the Aspnet_regiis.exe tool with the -pd switch and the

name of the configuration element to be decrypted. Use the –app and -site switches to identify the application for

which the Web.config file will be decrypted. You do not need to specify the –prov switch to identify the name of

the ProtectedConfigurationProvider, because that information is read from the configProtectionProvider attribute

of the protected configuration section.

The following command decrypts the connectionStrings element in the Web.config file for the ASP.NET application

SampleApplication:

aspnet_regiis -pd "connectionStrings" -app "/SampleApplication"

https://msdn.microsoft.com/en-us/library/system.configuration.protectedconfigurationprovider.aspx

https://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx

https://msdn.microsoft.com/en-us/library/yxw286t2.aspx


https://msdn.microsoft.com/en-us/library/system.configuration.rsaprotectedconfigurationprovider.aspx



https://msdn.microsoft.com/en-us/library/system.configuration.protectedconfigurationprovider.aspx


of 67

Index

Access the WorkPlace Application(s) ...................... 56

Db Installation Log ................................................... 27

Default Web Objects Location ................................. 29

IIS 33, 35

Installation Wizard ................................................... 18

Installing Workplace ................................................ 17

Main Installation Window ....................................... 19

SQL Object Installation ............................................ 21

SQL Server Services ................................................. 17

Virtual Directory ................................................ 56, 57

Web Objects Installation ......................................... 29

Web Server Services ................................................ 17

Web Site Configuration ........................................... 33

Windows Components ............................................ 30

WorkPlace license .............................................. 13, 17

workplace applications installation/upgrade guide · internet explorer 7 or greater (ie 9 or...

Documents