Protection and Site License
GETTING STARTED WITH THE PROTECTION SYSTEM IN VERSION 2006
Copyright © 2007 CaseWare International Inc. (“CWI”). All Rights Reserved. Use, duplication, or
disclosure by the United States Government is subject to the restrictions set forth in DFARS
252.227-7013 (c)(1)(ii) and FAR 52.227-19. Notice to U.S. Government End Users. This publication
and the related computer software was developed exclusively at private expense and for the
purposes of U.S. acquisition regulations the related computer software is “commercial computer
software” subject to limited utilization (“Restricted Rights”).
This publication may only be copied and otherwise used as permitted in the applicable license
agreement and, subject to the express terms of such license, use of this publication is subject to
the following terms and conditions:
All copyright and other proprietary notices must be retained on every copy made.
CWI has not conferred by implication, estoppel or otherwise any license or right under any patent,
trademark or copyright of CWI or of any third party.
This publication is provided “as is” without warranty or condition of any kind, either expressed or
implied, including, but not limited to, the implied warranties of merchantability, fitness for a
particular purpose, or non-infringement.
This and related publications may include technical inaccuracies or typographical errors. Changes
are periodically made to CWI publications and may be incorporated in new editions.
CWI may improve or change its products described in any publication at any time without notice.
CWI assumes no responsibility for and disclaims all liability for any errors or omissions in this
publication or in other documents, which are referred to within or linked to this publication. Some
jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not
apply to you.
Should you or any viewer of this publication respond with information, feedback, data, questions,
comments, suggestions or the like regarding the content of any CWI publication, any such
response shall be deemed not to be confidential and CWI shall be free to reproduce, use, disclose
and distribute the response to others without limitation. You agree that CWI shall be free to use
any ideas, concepts or techniques contained in your response for any purpose whatsoever
including, but not limited to, developing, manufacturing and marketing products incorporating
such ideas, concepts or techniques.
This publication is distributed internationally and may contain references to CWI products,
programs and services that have not been announced in your country. These references do not
imply that CWI intends to announce such products, programs or services in your country.
Product names, logos, designs, titles, words or phrases within this publication may be trademarks,
service marks, or trade names of CWI or other entities and may be registered in certain
jurisdictions.
Contents
BEFORE YOU START
OVERVIEW
CENTRAL DATA STORE
Personal Data Store only
Standalone Shared Data Store
Time-integrated Shared Data Store
PROTECTION SETUP
Deciding whether to use a Shared Data Store
Creating the Shared Data Store
Setting Administrative Options
Connecting other computers to the Shared Data Store
Populating the User List
USING THE PROTECTION SYSTEM
Users and Groups
Adding Users
Deleting Users
Modifying Users
Adding a Group
Assigning Users to Groups
Importing Groups
LOGGING IN
SECURITY ID (SECURING THE CENTRAL DATA STORE)
Disabling the Security ID
• User lists that are now stored in the Central Data Store;
This document provides a detailed overview of the Working Papers protection system that is
used to control access to client files. In addition to providing an overview of the protection
system, instructions for setting up the system are provided.
When first using Working Papers 2006, protection is not fully configured and a brief setup is
required. We recommend that the setup be done by a network administrator since
an incorrect setup can result in users being prevented from accessing Working Papers files.
The network administrator or someone who is familiar with setting up file access rights and
permissions is responsible for initial protection setup. If not properly configured, it is possible
that some users will be prevented from accessing Working Papers files. The person should
be familiar with:
Overview
Protection is based on users and groups. Users are people who need access to Working
Papers client files. A group is a collection of assigned users (an assigned user is simply a
user who is a member of one or more groups) who have certain rights to perform actions in
a Working Papers file. For example, the users in a specific group may have the rights to add
adjusting entries and perform consolidations but not to assign map numbers to accounts.
The list of users available is stored in the Central Data Store which serves as a central
database of information used by Working Papers. Currently this database contains
information about recently accessed Working Papers files (used by Tracker) and the list of
available users (used by the protection system). The Central Data Store on several
computers may be configured to use a shared data store which allows several computers to
use a common Central Data Store database. Thus, if a shared data store is used, all people
connected to the same shared data store have access to a common set of users.
Another feature of Working Papers protection is Windows Active Directory integration. The
Windows Active Directory system allows Working Papers to access the list of users
connected to a Windows domain.
Working Papers integrates with the Windows Active Directory in two ways:
Protection Setup
To use the protection system, a brief setup is required. The following list summarizes the
steps to follow to set up the protection system. Each step is explained in detail later.
1. Decide whether to use a shared data store.
• You want the protection system on all computers in your firm to have access to a
common list of users.
• You want Tracker on all computers in your firm to have access to a common list of
accessed client files.
• You wish the Central Data Store to be integrated with CaseWare Time 2006. A Time-
integrated store allows the same list of users to be accessed by both Working Papers and
Time. A Time-integrated Store can only be created if a shared data store is being used.
• You wish to use the Active Directory features to populate the user list and to enable
Windows authentication. The Active Directory features are only available if a shared data
store is being used.
• You wish to use the security ID feature. The security ID feature is available only for
shared data stores.
If you do not wish to use a shared data store, you can import users from the legacy user
lists (see the Importing Users from Legacy User Lists section) and proceed to use the
protection system.
• If you are creating a Time-integrated store, Time 2006 must be installed and a previously
created Time data file must exist.
• Before creating a shared data store, ensure that each person who will be attached to the
shared data store has read, write, and delete permissions for the directory and server.
• Record the location of the newly created store. This location will be required later to
connect other computers to this shared data store.
• If a security ID is specified, the security ID must be recorded. The same security ID will
be needed if the Central Data Store needs to be re-created for some reason. The security
ID is explained in full later in this document; see the Security ID
section.
3 Click the Central Data Store option on the left pane of the dialog. The Central Data Store
page opens.
4 Click the Shared data store located at button. The Choose Shared Data Store dialog
automatically opens if there is no existing shared data store. If a shared data store
exists, click the Browse button to open the Choose Shared Data Store dialog.
6 The Data Store Wizard opens. Decide whether to use a Standalone (non Time-integrated)
or a Time-integrated store. A Time-integrated store allows Working Papers to access the
same user list that is used by Time.
If you are creating a standalone store, specify where to create the shared data store.
Either a drive mapped location (e.g., Y:\store) or a UNC (e.g., \\sharedserver\store) may
be used. It is important that all users who need to attach to the store have full rights
If you are creating a Time-integrated store, specify the location of an existing Time file.
Important: Record the location of the newly created store. This location will be required
later for other computers connecting to this shared store.
You can enter a security ID to add a second level of protection on Working Papers client
files. The security ID is optional. The security ID ensures that only administrators
Important: If specified, record the security ID. The same security ID will be needed if
the Central Data Store needs to be re-created for any reason.
9 Click Finish to create the store. The storeinfo.cws file is created in the Store
folder.
Standalone Store
Time-integrated Store
Security ID: Specify the security ID if not previously set. If previously set, it will be displayed for
informational purposes only but may not be modified.
Require log in for Tracker: If this is selected, users must log in to Tracker when it is opened.
Enable Active Directory Integration: Check this feature if:
• You want users to log in to Working Papers client files using the same ID that
they use when logging in to their computer.
• You wish to populate the list of users maintained by Working Papers with the
same list of users maintained by Windows.
If Enable Active Directory Integration is selected, Working Papers will attempt to
log in the current Windows user when opening a client file. For example, suppose
the current Windows user is john.smith. Further, suppose Working Papers user
john.smith is a member of a group in a Working Papers client file. If john.smith
attempts to log in to that file, he will automatically be granted access (without
being required to manually log in again) to the file as his credentials had already
been checked by Windows; that is, he had previously been authenticated by
Windows. The logging in process (with and without Windows
Active Directory integration) is explained in full later (see the Logging In section).
3 Click the Central Data Store option on the left pane of the dialog. The Central Data Store
page opens.
3 Click the Shared data store located at: option. The Choose Shared Data Store dialog
automatically opens if there is no existing shared data store. If a shared data store
exists, click the Browse button to open the Choose Shared Data Store dialog.
4 Locate the file storeinfo.cws that was created during the Creating the Shared Data
Store step. This file will be in the same location as indicated on the final page of the Data
Store Creation wizard.
• In general, a firm will do either an Active Directory import or a legacy user list import,
not both.
• It is not necessary to import a user list: users may instead be added manually as
described in the Using the Protection System section.
• The Active Directory Import is only available if a shared data store is being used and if
Active Directory Integration is turned on in the Administrator options dialog (Tools |
Options | Central Data Store | Administrator Options).
• The import can only be done from the default Active Directory server. It is possible to
import from several Active Directory servers. However, the import for each server must
be done from a computer which connects to that server by default.
• If a Time-integrated shared data store is being used, users are imported as non-
Timekeepers for Time. If a user is to be designated as Timekeeper, the user must be
explicitly set as such in the Staff dialog in Time.
3 Click the Central Data Store option on the left pane of the dialog. The Central Data Store
page opens.
4 Click the Administrator Options button. If the currently logged in user is not an
administrator, the Log in as Administrator dialog opens requesting the user name and
password of an administrator. In that case, enter the data and click OK. The
Administrator Options dialog opens.
5 Ensure the Enable Active Directory Integration check box is selected.
6 Click the Synchronize With Active Directory button. The Active Directory Integration
dialog opens.
7 To specify a default password for imported users, type a password in the Default
Password for New Users box. If a default password is not specified, all imported users
are imported with a blank password. In this case, it’s a good idea to force the user to
change the password when the user logs in; see the following step.
8 To ensure the user changes the password when the user logs in for the first time, select
the Require user to change this password check box. The Require user to change
this password check box is available regardless of whether a default password is
specified or left blank.
9 Select the Synchronize check box beside the Windows users who are to be imported as
Working Papers users. Users who had previously been imported will automatically be
Important: If the Synchronize check box is cleared for a user that had previously
been imported from the Active Directory (that is, the user exists in the Active Directory
user list and the Working Papers user list), the user is removed from the Working Papers
user list but remains in the Windows Active Directory.
10 To import the user as active, select the Active check box beside the user. If the check
box is cleared, the user is imported as inactive. Only active users can be assigned to
groups.
The legacy user list import can only be performed while a client file is open.
Important: The legacy user list import is not available when using a Time-integrated store.
4 Click OK. A message opens asking if you are sure you want to turn protection on.
5 Click Yes if you are sure. If you are not sure, click No to cancel turning on protection; in
this case you cannot continue to import users.
7 Click the drop-down arrow beside Add and select From File.
8 Locate the legacy em.dbf database. The Import Users dialog opens.
9 To import a user, select the Synchronize check box beside that user. Note the
following:
• When the dialog opens, the check box is automatically selected for any user not already
in the Central Data Store.
• Even if a user is already in the Central Data Store, it is still possible to import that user.
However a warning message will appear indicating that the existing user’s information
will be overwritten with the information stored in the import database.
10 Click OK.
2 Select Tools | Protection | Turn Protection On. The Log In dialog opens.
3 Type your administrator user name and password. Initially you can use SUP as the user
name and sup (note lowercase) as the password.
4 Click OK. A message opens asking if you are sure you want to turn protection on.
5 Click Yes if you are sure. If you are not sure, click No to cancel turning on protection; in
this case you cannot use protection.
The left pane of the dialog contains information about users stored in the Central Data
Store. The right pane contains information about groups.
In the above setup, there are seven users (in the Central Data Store). There is one group,
REV to which three users are assigned.
Adding Users
Users are stored in the Central Data Store. It is preferable that if a shared data store is being
used, changes to the user list be done while the shared data store is available.
1 Select Tools | Protection | Protection Setup. The Users and Groups dialog opens.
User Name: Type the user name to be used for log in purposes.
• No other user may have the same user name as the name uniquely identifies a
user.
• User names are not case sensitive. That is, john.smith is considered to be the
same user as JOHN.SMITH.
Position: Enter a general-purpose position property for the user. It can be used for purposes
such as identifying partners, managers, juniors, etc. The position is specified by
selecting the correct value from the drop-down box or by adding a new position by
selecting the Create new item in the drop-down box.
• If a position is added, it must have a unique name.
• Positions may also be created by clicking the Setup button in the Users and Groups
dialog.
• If the shared data store is Time-integrated, this control is disabled in Working
Papers and the position must be set in Time.
Deleting Users
You can delete users, but note the following:
• There must always be at least one user with administrator privileges. That is, a user
cannot be deleted if it is the last active administrator in the file.
• For Time-integrated files, active and inactive Time Keepers cannot be deleted. They
must be deleted within Time.
• A user can be deleted only if the user has not been assigned to any groups.
To delete a user:
In the Users and Groups dialog (Tools | Protection | Protection Setup), do one of the
following:
• Right-click the user name and select Delete from the context menu.
• If a Time-integrated shared data store is being used, the identifier cannot be changed.
• The Administrator check box can only be modified if the currently logged in user is an
administrator.
• The Administrator check box can be cleared only if there is another active administrator
in the user list.
• An administrator cannot be set to inactive unless there is another active Administrator in
the user list.
• The following properties of users that were imported from a Windows Active Directory
cannot be modified: Pre-Name, First Name, Last Name, Position and Designation. This is
enforced so that the Working Papers user list and Windows Active Directory’s list remain
synchronized.
• Right-click the user name and select Properties from the context menu.
Adding a Group
Add groups using the following procedure:
1 In the Users and Groups dialog (Tools | Protection | Protection Setup), click the Add
button on the right side of the Users and Groups dialog. The Group Setup dialog opens.
Important: Group information is stored with the Working Papers client file, not in the
Central Data Store. This means that the rights that a user has change from client file to
client file, depending on which group(s) the user has been assigned to in a particular
client file and what the rights settings are for those group(s). The only exception to this
rule is for users who are administrators. Administrators always have full rights to every
client file.
4 Click OK.
The Members tab is described in the next section, Assigning Users to Groups.
• Dragging and dropping the user to the group in the Users and Groups dialog.
• Selecting the group in the Member of tab of the User Properties dialog.
• Selecting the user in the Members tab of the Group Profile dialog.
1 In the Users and Groups dialog (Tools | Protection | Protection Setup), select the
user and click the Properties button in the Users pane. The User Properties dialog
opens.
4 Click OK.
1 In the Users and Groups dialog (Tools | Protection | Protection Setup), select the
group and click the Properties button in the Available Groups pane. The Group Profile
dialog opens.
4 Click OK.
Importing Groups
As mentioned earlier, group information is stored with a Working Papers file. The group
information stored in one Working Papers file is not shared with other Working Papers files.
If the same group setup that exists in one Working Papers file is needed in another file, the
group setup from the first file can be imported into the second.
To import group(s):
1 Select Tools | Protection | Protection Setup. The Users and Groups dialog opens.
3 In Source File Path, specify the path to the Working Papers file from which you wish to
import groups.
4 Select the groups you wish to import.
5 Click OK.
8 Is user an administrator?
• Yes. Go to step 10.
• No. Go to next step.
Working Papers can verify that a user is an administrator only if the user exists in the
user list (Central Data Store). If an administrator is assigned to a group in a client file
and the user is subsequently deleted from the user list, the user in the client file will no
longer be recognized as an administrator and must log in as a regular user.
9 Is the user in a group in the client file?
• Yes. Go to next step.
• No. Go to step 7.
11 Log in successful. Open the file and allow access according to the user’s rights.
12 Is the user required to change his password as specified in the Active Directory import?
• Yes. Bring up change password dialog.
This step only occurs if the shared data store is currently online. If it is not online,
Working Papers will wait to prompt the user for a new password the next time the
shared data store becomes available.
Windows Active Directory authentication is never performed if the shared data store of the
Central Data Store is not online.
If the automatically logged in Windows user is not the desired user, the user may be
changed by selecting the Tools | Change User item from the main Working Papers menu.
Suppose the security ID of the Central Data Store at Firm A is secretid1. The first time a
client file is opened in Working Papers, this ID (secretid1) is written into the client file. This
provides a link between the client file and the Central Data Store that was being used when
the client file was first accessed within the firm.
Now suppose the client file is sent to Firm B. The firm will have a different Central Data
Store which will have a different security ID, say pass342. When the client file is opened in
Firm B, Working Papers detects that the security ID of the Central Data Store does not
match the ID contained in the client file. That is, Working Papers detects that the client file
is being opened outside the firm.
In this case, the user in Firm B is not allowed to log in to the client file as an administrator,
but only as a regular user assigned to a group contained in the client file.
Note: It is recommended a guest user be created for files being sent outside the firm.
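A small model of the security ID check described above, as an added example that is not CaseWare's code. It covers only the access decision after credentials have been accepted, assumes a security ID is set on both stores, and uses hypothetical names (open_client_file, alice, bob, guest); the "denied" outcome stands for the guide's return to an earlier log-in step.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


@dataclass
class CentralDataStore:
    """A firm's user list plus the security ID chosen when the store was created."""
    security_id: str
    administrators: Set[str] = field(default_factory=set)


@dataclass
class ClientFile:
    """Groups live in the client file; the security ID is written on first open."""
    groups: Dict[str, Set[str]] = field(default_factory=dict)
    bound_security_id: Optional[str] = None


def _same_user(a: str, b: str) -> bool:
    # The guide states that user names are not case sensitive.
    return a.lower() == b.lower()


def open_client_file(client_file: ClientFile, store: CentralDataStore, user: str) -> str:
    """Return 'administrator', 'regular' or 'denied' for an authenticated user."""
    if client_file.bound_security_id is None:
        # First open inside the firm: link the file to this Central Data Store.
        client_file.bound_security_id = store.security_id
    foreign = client_file.bound_security_id != store.security_id

    # Administrator status is only known through the store's user list, so a
    # user deleted from that list is no longer recognized as an administrator.
    is_admin = any(_same_user(user, a) for a in store.administrators)
    if is_admin and not foreign:
        return "administrator"

    # Outside the originating firm (or for non-administrators) access depends
    # on membership of a group stored in the client file itself.
    in_group = any(
        _same_user(user, member)
        for members in client_file.groups.values()
        for member in members
    )
    return "regular" if in_group else "denied"


def scenario() -> Dict[str, str]:
    """Constructed walk-through using the guide's IDs secretid1 and pass342."""
    firm_a = CentralDataStore("secretid1", {"alice"})
    firm_b = CentralDataStore("pass342", {"bob"})
    client_file = ClientFile(groups={"REV": {"guest"}})

    results = {}
    results["alice at Firm A"] = open_client_file(client_file, firm_a, "ALICE")
    results["bob (Firm B admin) at Firm B"] = open_client_file(client_file, firm_b, "bob")
    results["guest at Firm B"] = open_client_file(client_file, firm_b, "guest")

    client_file.groups["REV"].add("bob")
    results["bob after joining REV"] = open_client_file(client_file, firm_b, "bob")

    firm_a.administrators.discard("alice")  # administrator deleted from user list
    results["alice after deletion"] = open_client_file(client_file, firm_a, "alice")
    results["file still bound to"] = client_file.bound_security_id
    return results


if __name__ == "__main__":
    for step, outcome in scenario().items():
        print(f"{step}: {outcome}")
```

The Firm B administrator gains access only once he is a member of a group in the file, and then only with that group's rights, which is why the guide recommends creating a guest user before a file leaves the firm.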
If a user who is connected to a foreign Central Data Store opens this file as an
administrator, this option is cleared automatically and the security ID of the new store is
written into the client file; that is, the client file becomes associated with the foreign Central
Data Store.
• Install Working Papers by launching the executable or running the command line
parameter.
Once the registration is successful, the licenses are tracked by the CaseWare license server by
authorization codes and locking codes if the computer information was transmitted to
CaseWare.
Important: You cannot electronically register licenses on a Citrix Terminal Server.
1. Create a file named cwreg.ini using the keys and values provided in the following table.
Key                  Value description
[Settings]           Type [Settings] as the first entry in the cwreg.ini file.
AuthorizationCode=   Enter the authorization code sent by the CaseWare sales
                     department for the registration of Working Papers on
                     multiple computers.
AutoRegister=        Enter one of the following values:
                     0  No
                     1  Yes
                     If 1 is selected, the registry setting is changed to 0 after
                     Working Papers is registered. This prevents the
                     registration from occurring every time Working Papers is
                     opened.
SilentRegister=      Enter one of the following values:
                     0  Default
                     1  if AutoRegister
DoNotSendName=       Enter one of the following values:
                     0  Default
                     1  if AutoRegister
For example:
• If you have access to the setup files, place the cwreg.ini file in the same folder as
the Working Papers’ setup.exe file.
• If you don’t have access to the setup files, you can place the file in any folder that you
wish. In this case, you must run a command line parameter to install and register
Working Papers.
Now that the cwreg.ini file is created and saved to the appropriate folder, you can install
Working Papers and then automatically register it electronically.
Depending on where the cwreg.ini file is located, you can either launch the setup.exe
file or you can run a command line parameter to launch the setup.exe and then
automatically register Working Papers electronically.
Note: Even if the cwreg.ini file is in the same folder as the setup.exe file for Working
Papers, you can place the cwreg.ini file elsewhere and run a command line parameter to
install and register the program. The command line parameter always takes precedence over
the file in the same folder as the Working Papers’ setup.exe file.
• If the cwreg.ini file is in the same folder as the Working Papers’ setup.exe file,
double click setup.exe. The Working Papers Installation wizard opens.
• If the cwreg.ini file is not in the same folder as the Working Papers’ setup.exe file,
run a command line parameter,
ii. In the Open box, type the path where the Working Papers setup.exe file is
located followed by a space and then the command line parameter (/p) and then
the location of the cwreg.ini file. For example:
Note: If the file path has spaces in it, enclose the file path in quotation marks, for
example “C:\My Documents”.
iii. Click OK. The Working Papers Installation wizard opens.
2. Follow the instructions on the Installation wizard. When the setup is complete, click Finish
on the Installation wizard.
3. Open Working Papers. The Authorization page of the Registration wizard opens.
5. Click Continue. If the Check here if you do not wish your Computer Name to be
sent check box was selected, a message opens asking if you are sure you do not want the
information transmitted.
• To continue with the installation without sending the computer name to CaseWare,
select Yes.
• To change your selection and send the computer name to CaseWare, select No to close
the message and clear the Check here if you do not wish your Computer Name
to be sent check box. You can then click Continue to proceed with the registration.
7. The following page of the Registration wizard opens identifying that automatic registration
was successful.