TeamMate Configuration Guide

TeamMate Suite Configuration Guide
Guidance for technical staff assisting with the implementation of the TeamMate Suite Software
December 2010
.
CCH TeamMate Suite Configuration Guide
December 2010
Table of Contents
INTRODUCTION.................................................................................................................................................. 3 PREREQUISITES .................................................................................................................................................. 3 RELATED DOCUMENTS ..................................................................................................................................................... 3 REQUIRED TASKS ............................................................................................................................................................ 3 CONFIGURATION OPTIONS................................................................................................................................. 3 WEB SERVER CONFIGURATION ........................................................................................................................... 4 CONFIGURATION CHANGES BETWEEN R8 AND R9 ................................................................................................................. 4 LOAD BALANCING ........................................................................................................................................................... 5 AUTHENTICATION ........................................................................................................................................................... 5 Types of Authentication ......................................................................................................................................... 5 How to change authentication .............................................................................................................................. 6 Windows Authentication Setup ............................................................................................................................. 6 LDAP Authentication Setup .................................................................................................................................... 6 DATABASE CONNECTION .................................................................................................................................................. 7 INTERNET INFORMATION SERVICES (IIS) .............................................................................................................................. 7 IIS 6 and IIS 7 Differences ....................................................................................................................................... 8 APPLICATION CONFIGURATIONS ........................................................................................................................................ 9 TeamCentral .......................................................................................................................................................... 9 TeamRisk................................................................................................................................................................ 9 TeamSchedule ........................................................................................................................................................ 9 TEC ......................................................................................................................................................................... 9 Portal ..................................................................................................................................................................... 9 Unattended Console .............................................................................................................................................. 9 TeamMate Services ................................................................................................................................................ 9 SECURE SOCKET LAYER (SSL) ............................................................................................................................................ 9 MULTIPLE VIRTUAL DIRECTORIES ..................................................................................................................................... 10 SERVICES CONFIGURATION ............................................................................................................................... 10 TYPE OF SERVICES ......................................................................................................................................................... 10 IIS CONFIGURATION ...................................................................................................................................................... 10 WINDOWS SERVICE CONFIGURATION ............................................................................................................................... 10 Port ...................................................................................................................................................................... 10 Startup Options .................................................................................................................................................... 11 SERVICE CONFIGURATION OPTIONS .................................................................................................................................. 11 Configuring Service Cache Location ..................................................................................................................... 11 Load Balancing (Web Farm) with Services ........................................................................................................... 11 Services with External Work Papers Storage ....................................................................................................... 11 Services with Multiple Host Headers ................................................................................................................... 12 CONFIGURING SERVICES WITH SERVICE CONFIGURATION TOOL .............................................................................................. 13 CLIENT CONFIGURATION ................................................................................................................................... 14 DATABASE CONNECTION ................................................................................................................................................ 14 Centralized Model ................................................................................................................................................ 14 Distributed Model ................................................................................................................................................ 14 SERVICE CONFIGURATION ............................................................................................................................................... 14 Connection to a Global (Centralized) Database ................................................................................................... 15 Connection to a local file share ............................................................................................................................ 16 DATA EXECUTION PREVENTION (DEP) .............................................................................................................................. 16
2010 TeamMate Licensing B.V. All rights reserved.
December 2010
CLIENT APPLICATIONS ON SERVER OPERATING SYSTEMS ........................................................................................................ 17 OTHER CONFIGURATION ................................................................................................................................................ 17 TeamMate Registration File (tmreg.ini) .............................................................................................................. 17 TeamMate Project Conversion File (conversion.tml) ........................................................................................... 17 APPLICATIONS .............................................................................................................................................................. 17 Setup Administrative User ................................................................................................................................... 17 Database Connections ......................................................................................................................................... 18 USING THE TEAMMATE SOFTWARE WITH A TERMINAL SERVER ......................................................................... 18 MICROSOFT TERMINAL SERVER ....................................................................................................................................... 18 CITRIX PRESENTATION SERVER ........................................................................................................................................ 18 Considerations ..................................................................................................................................................... 18 RESETTING PROFILES ..................................................................................................................................................... 19 SECURITY .................................................................................................................................................................... 19 OTHER CONSIDERATIONS ............................................................................................................................................... 19 APPENDIX A: CONFIGURATION CHECK LIST ........................................................................................................ 20 APPENDIX B: USING THE UNATTENDED CONSOLE .............................................................................................. 23 SMTP SERVER CONFIGURATION...................................................................................................................................... 23 UNATTENDED CONSOLE CONFIGURATION.......................................................................................................................... 23 Modify the Application Configuration File ........................................................................................................... 23 Running the console for the first time ................................................................................................................. 24 Setting up a scheduled Task................................................................................................................................. 24 Configuration Options.......................................................................................................................................... 25 APPENDIX C: LOAD BALANCING......................................................................................................................... 27 PERSISTENT ................................................................................................................................................................. 27 NON-PERSISTENT ......................................................................................................................................................... 27 APPENDIX D: WINDOWS AUTHENTICATION....................................................................................................... 28 CLIENT........................................................................................................................................................................ 28 WEB SERVER ............................................................................................................................................................... 28 APPENDIX E: LDAP AUTHENTICATION ................................................................................................................ 28 APPENDIX F: TEAMMATE REGISTRATION FILE (TMREG.INI) ................................................................................ 32 CREATING THE CONFIGURATION FILE ................................................................................................................................. 33 Create Manually .................................................................................................................................................. 33 Create from Existing Settings ............................................................................................................................... 34 SPECIFYING NUMERIC VALUES ......................................................................................................................................... 34 SPECIFYING SPECIAL FOLDERS.......................................................................................................................................... 34 EXAMPLE TMREG.INI FILE................................................................................................................................................ 35 CONFIGURATION FILE SECTIONS ...................................................................................................................................... 37 MANUALLY APPLYING THE CONFIGURATION FILE ................................................................................................................. 38 AUTOMATICALLY APPLY THE CONFIGURATION FILE ............................................................................................................... 38 APPENDIX G: EWP PROJECT CONVERSION FILE (CONVERSION.TML) ................................................................... 39 CONVERTING EXISTING PROJECTS ..................................................................................................................................... 39 CONVERTING EXCEPTION TABS (R7 PROJECTS ONLY) .......................................................................................................... 39 IMPLEMENTING NEW CATEGORIES ................................................................................................................................... 40 IMPLEMENTING NEW TERMINOLOGY LABELS ..................................................................................................................... 40 IMPLEMENTING NEW POLICIES ........................................................................................................................................ 40 SAMPLE CONVERSION.TML FILE (XML FORMAT) ................................................................................................................. 43
December 2010
Introduction
The intended audience for this document includes technical staff and TeamMate Champions. This document will provide guidance to new and existing users of the TeamMate Suite software to setup and configure the TeamMate Suite. The steps in this document should only be carried out by trained IT Professionals.
Prerequisites Related Documents

Planning for R9 Guide TeamMate Suite IT Overview Getting Started Guide TeamMate Database Guide TeamMate Installation Guide TeamMate Configuration Guide
Required Tasks
Before continuing the following items must be complete Client Software installed (see TeamMate Installation Guide, Planning for R9 Guide, and the TeamMate Suite IT Overview) Web Server Software installed if using web applications (see TeamMate Installation Guide, Planning for R9 Guide, and the TeamMate Suite IT Overview) Tools installation (see the TeamMate Installation Guide) Database(s) setup and configured (see Planning for R9, TeamMate Suite IT Overview, and the TeamMate Database Guide for details) Local Administrative access to the web server and client machines
Configuration Options
Before continuing be sure to consult the other related guides to determine the deployment scenario to setup. Appendix A: Configuration Check List contains the most common deployment scenarios at the highest level. Use the check list in conjunction with the sections in this document to complete the TeamMate Suite Configuration.
December 2010
Web Server Configuration Configuration Changes between R8 and R9

For R9 many of the settings in the web.config configuration file have been relocated to other files. The diagram below shows the relationship between the R9 configuration files.
1. Authentication type a. moved from web.config to application root\authentication\current.config b. specific to each application 2. Application Settings a. moved from web.config to TeamCentral\Settings.config for all applications b. single file to store application settings for all applications c. includes but not limited to LDAP configuration Portal Settings Connection File (dbconnect.tmc) location Attachment Exclusion list Report Settings Note: Configuration files from prior versions CANNOT be used.
December 2010
Load Balancing
The TeamMate Web applications support load balancing. For more information see Appendix C: Load Balancing.
Authentication
The authentication models available include Forms, Windows, and LDAP. The authentication settings were relocated from the web.config file to the current.config file found in the Authentication folder in the root for the application. Example: \TeamCentral\Authentication\settings.config Each application can use different forms of authentication although it is recommended to use the same type of authentication for all applications.
Types of Authentication
Forms
Forms Authentication is the default authentication model set when the installation is complete. With this model, the entire authentication process occurs within the application. When the web application is accessed, a default form is presented to the user to enter the login credentials in the form of a username and password. After the credentials are validated against the TeamMate global database the user is allowed to proceed only if the user has a valid role for the web application. The application when installed defaults to forms authentication so no additional configuration is needed to use forms authentication.
Windows (Integrated)
Windows Authentication will authenticate a user based on the standard windows login. When the user accesses the Web Application the logged in windows account information is passed to the application for validation against the TeamMate global database. This process is automatic and does not require a user to enter any information into a form on the web page. If the user's windows account information (ex: Domain\loginname) matches a login name in the database for this application then the user is allowed to continue into the web application (site). Note: Passwords are ignored for the Windows Authentication Model.
LDAP
Lightweight Directory Access Protocol (LDAP) authentication is similar to the Forms authentication method where the user must enter the username and password. Where LDAP differs is the authentication process. Once the user enters the login credentials the information is passed from the web application to the LDAP server for validation. After the user is validated against LDAP the login credentials then are validated against the TeamMate global database. Then the credentials are validated against the TeamMate global database the user is allowed to proceed only if the user has a valid role for the web application.
December 2010
How to change authentication
1. Open the desired configuration file (forms.config, windows.config, ldap.config) up with a text editor (Notepad) 2. Select File Save As 3. Save the file as current.config overwriting the existing file 4. Ensure the NTFS permissions are propagated to the file 5. IIS must be reset for the changes to take effect (Run IISRESET from the command line)
Example Contents for Forms authentication

<!-========================================================================== Forms Authentication Settings ========================================================================== --> <authentication mode="Forms"> <forms name=".TMCookie" loginUrl="Login\LoginPage.aspx" enableCrossAppRedirects="true" domain="" protection="All" timeout="80" path="/"/> </authentication>
Windows Authentication Setup

See Appendix D: Windows Authentication for more information surrounding Windows (Integrated) authentication.
LDAP Authentication Setup

See Appendix E: LDAP Authentication for more Information surrounding LDAP authentication.
December 2010
Database Connection
The connection to the TeamMate Global Database can be found in the settings.config file in the root of the TeamCentral directory. This file by default is located in \Program Files \ TeamMate \ Connect \ dbconnect.tmc. If installing to a non-default location this setting must be modified to point to the new tmc file location. 1. Open the Settings.config file with a text editor (Notepad) 2. Modify the following line to point to the connection file location <add key="TmcPath" value="C:\Program Files\TeamMate\Connect\dbconnect.tmc" /> 3. Save the file 4. IIS must be reset for the changes to take effect (Run IISRESET from the command line)
Internet Information Services (IIS)

By default the installation sets up the Applications (Virtual Directories in IIS 6) to use the Default Application Pool. It is recommended to isolate the TeamMate Software from other applications. The table below shows the recommended setup where Application Pool 1 and 2 represent separate application pools. Recommended Setup for Application Pools Application TeamCentral TeamRisk TeamSchedule Tec TeamMateServices Recommended Application Pool 1 Application Pool 1 Application Pool 1 Application Pool 1 Application Pool 2 Minimum Application Pool 1 Application Pool 1 Application Pool 1 Application Pool 1 Application Pool 1 Not Recommended DefaultAppPool DefaultAppPool DefaultAppPool DefaultAppPool DefaultAppPool
December 2010
IIS 6 and IIS 7 Differences

Microsoft made changes to the structure of IIS between versions 6 and 7. One notable change is how Virtual Directories and Applications are used. The screenshot below shows the differences in the directory structure. With IIS 7 a virtual directory is added below the Application. This is Microsofts recommended setup.
December 2010
Application Configurations
As noted above all settings specific to the web applications are now located in the Settings.config configuration file located in the TeamCentral application directory (\wwwroot\TeamCentral\Settings.config).
TeamCentral
No customizable settings exist at this time.
TeamRisk
TeamSchedule
TEC
Portal
The Portal contains a link to each application. These links (Icons) can be hidden from view by changing the value to false in the settings file for the desired application. Each application also has a link back to the portal homepage. This can be modified with the ShowPortalLink setting. The links to each of the main applications (TEC, TeamSchedule, and TeamRisk) can also be pointed to a different URL. These can reside on a different server.
Unattended Console
The settings for the unattended console are located in the TeamMate.UnattendedConsole.exe.config file. This file is installed to C:\Program Files \ TeamMate \bin by default. See Appendix B Using the Unattended Console for details.
TeamMate Services
See Services Configuration for setting up services.
Secure Socket Layer (SSL)

SSL or TLS can be used to manage the security of message transmissions across the network with the TeamMate Web Applications. A certificate must be obtained from a certificate authority (CA), internally self signed or well known external. This certificate must then be installed in IIS in a simple operation facilitated by the IIS console. The process varies some by CA and the CA will provide the necessary instructions for obtaining and installing your SSL or TLS web server certificate.
December 2010
Multiple Virtual Directories

The TeamMate software can be configured to run multiple virtual directories. Multiple connection files can now be used with the websites. Steps to create Multiple Virtual Directories 1. Copy Folder directory of application (example: \wwwroot\TeamCentral) to another directory (wwwroot\TeamCentral2) 2. Set NTFS Permissions on the new directory 3. Open IIS Admin and create a Virtual Directory out of the newly copied folder 4. Set all Virtual Directory settings to match the original virtual directory. The only difference will be the Application Name. 5. Test the newly created virtual directory 6. Modify configuration as needed.
Services Configuration Type of Services

EWP can be configured to use web services for Replication, Get and Send Functionality with TeamStore, and sending to TeamCentral. These services are offered in a web-based (IIS) configuration or as a windows service.
IIS Configuration
When using the TeamMate Services with IIS the web.config file must be modified to point to the TMC location. This file is located in the directory root for TeamMateServices (\wwwroot\TeamMateServices\web.config). Once the configuration is complete, reset IIS to implement the changes. See the Service Configuration Options section for details and additional configuration options.
Windows Service Configuration

When using the TeamMate Services as a Windows Service the application configuration file (TeamMate.Services.Host.WindowsService.exe.config) must be modified to point to the TMC location. This file is located in the following directory \ProgramFiles\TeamMate\bin\. Once the configuration is complete, restart the service to implement the changes. See the Service Configuration Options section for details and additional configuration options.
Port
By default the service is set to listen on Port 6000. This can be modified but will need to be changed for all base addresses in the application configuration file. The example below shows the base address for the Integration Services. <add baseAddress="http://localhost:6000/IntegrationService"/> Once the configuration file is changed restart the service for the changes to take effect. Be sure to change the service.config file created to point to the new port number.
10
December 2010
Startup Options
It is recommended that the windows services have the Start Up option set to Automatic.
Service Configuration Options

There are two main configurable settings for services. These include CacheInMemory (true (default)/false), and CachePath (uses temp folder if not specified, i.e. C:\Documents and Settings\<username>\Local Settings\temp\), and these settings need to be prefixed with either Service or Client as appropriate. By default the cache is stored in memory. This configuration requires no file permissions to be set. All other service configurations (excluding locations and paths) should not be modified unless directed by TeamMate Support. For very large packages and/or large numbers of concurrent users, it is recommended that the service cache be on disk (to reduce memory consumption).
Configuring Service Cache Location

To change the transport service configuration to cache to disk the web.config file must be modified (ServiceCacheInMemory and ServiceCachePath settings). For a client app which supports in-process hosting (i.e. TeamMate.exe), you may specify both ClientCacheInMemory/ClientCachePath and ServiceCacheInMemory/ServiceCachePath settings (i.e. in TeamMate.exe.config). In the example below, we are configuring web.config (for IIS) for on disk transport cache: The example below demonstrates how to set the web.config to store the cache on a disk. <appSettings>  <add key="ServiceCacheInMemory" value="false"/> <add key="ServiceCachePath" value="C:\Transport\ServiceCache"/> </appSettings> 1. NTFS modify permissions must be set on the ServiceCachePath folder in the same manner as the other folders. For Windows 2003 this would be the ASP.NET, IUSER_<MachineName>, and IIS_WPG accounts. For Windows 2008 this will be the IIS_IUSRS account.
Load Balancing (Web Farm) with Services

If a web farm is used (more than one web server behind a load balancer), and sticky sessions are not used, then ServiceCacheInMemory must be false and the ServiceCachePath must be set to the same value on all web servers. The ServiceCachePath value must be either a UNC path or mapped drive path that all machines can access.
Services with External Work Papers Storage

When using services and storing EWP work papers externally from the database (storing on a file share) then additional setup tasks are required. The user account that the TeamMate Services are running as must have permission to the file share or errors will occur. For IIS this is the account the application pool is running under. For the Windows Service option this will be the account the Windows Service is running under. It is recommended to use a domain account that can have privileges on the server and
11
December 2010
the file share. When using IIS the domain account must have the same privileges on the NTFS folder structure that the original account had. Normally this is the Network Services account. These permissions can be set at the root of the TeamMateServices directory and propagated down.
Services with Multiple Host Headers

When using TeamMate Services with a web site that has multiple host headers defined additional configuration is required. 1. Open the web.config file for TeamMate Services (wwwroot\TeamMateServices\web.config) 2. Add the following section of code to the <system.serviceModel> section replacing MYHOSTHEADER with the name of the first host header for the website.
<serviceHostingEnvironment> <baseAddressPrefixFilters> <add prefix="http://MYHOSTHEADER/TeamMateServices"/> </baseAddressPrefixFilters> </serviceHostingEnvironment>
3. For each service node listed below make the following changes Services o o o o TeamMate.Services.Utilities.UtilitiesService TeamMate.Services.Transport.TransportService TeamMate.Services.Replication.ReplicationService TeamMate.Services.Integration.IntegrationService
The example below demonstrates changing the Utilities service to support 2 host headers where teammate1 is the first header and teammate2 is an additional host header. For each header 2 additional endpoint nodes must be added. Note: The address for the first node must be changed to a fully qualified name. Before:
<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault"> <host> <baseAddresses> <add baseAddress="Utilities.svc" /> </baseAddresses> </host> <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" /> <endpoint contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" /> </service>
12
CCH TeamMate Suite Configuration Guide After:
December 2010
<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault"> <host> <baseAddresses> <add baseAddress="Utilities.svc" /> </baseAddresses> </host> <endpoint address="http://teammate1/TeamMateServices/Utilities.svc/mex" contract="IMetadataExchange" binding="mexHttpBinding" /> <endpoint address="http://teammate2/TeamMateServices/Utilities.svc/mex" contract="IMetadataExchange" binding="mexHttpBinding" /> <endpoint address="http://teammate1/TeamMateServices/Utilities.svc" contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" /> <endpoint address="http://teammate2/TeamMateServices/Utilities.svc" contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" /> </service>
Configuring Services with Service Configuration Tool

EWP uses the service configuration file (service.config) for Replication, Get and Send Functionality with TeamStore, and sending to TeamCentral. The service.config file is always placed in the following directory: %User Profile%/My Documents / TeamMate / Connect 1. Open TMDBAdmin 2. Click on Create Service Configuration from the left navigation menu 3. Click New File to create a new file or Open File to open an existing file and click Next 4. Click Create a new service to create a new entry or Edit an existing service to edit an existing entry (select from list) and click Next 5. Service Entry Name enter an identifier for this service (ex. US East) note any spaces will be replaced with an underscore (_) and the service name must be unique. click Next 6. Choose the deployment Model and click Next Service Options IIS available with web server installation Windows service - available with tools installation
7. Enter the URL for the service location and click Next
URL for service IIS http://ServerNameOrIPAddress//TeamMateServices Windows http://ServerNameOrIPAddress:6000
8. Choose the desired Template and click Next

Template Options (WAN or LAN) WAN used for Wide Area Networks (slower connections) LAN used for Local Area Network (faster connections)
13
CCH TeamMate Suite Configuration Guide 9. Click Test to confirm the configuration is working 10. Click Save to save the configuration to the file 11. Click Cancel to exit or Next to create another entry
December 2010
Client Configuration Database Connection

The client applications (TeamRisk, TeamSchedule, TeamAdmin, and TeamStore) connect directly to the centralized (global) database via a connection file (dbconnect.tmc). This file by default is stored in the users \Documents\TeamMate\connect folder. The file created during the database creation and setup (see Database Guide) should be copied to this directory. Note that in a distributed model a centralized (global) database is still required for the client applications if using TeamSchedule or TeamRisk with EWP. EWP data access varies depending on the Model being used
Centralized Model
EWP connects to the centralized (global) database directly and EWP projects are stored inside the database. The connection is made via the connection file (dbconnect.tmc).
Distributed Model
EWP connects to local independent Access Databases that are stored on a file system (local hard drive or file share) for working with EWP Projects. To get and receive data from the other applications a get / send approach is used via services and/or a connection file which connects to a centralized database (see above).
Service Configuration
The service configuration should be setup using the instructions found here Services Configuration. Once the service.config file has been created then copy it to the following folder for the user \Documents\TeamMate\connect. To change the location of the service configuration this will need to be done via the registry. Change the path for the following registry key and restart the application. HKEY_LOCAL_MACHINE\SOFTWARE\CCH\TeamMate\ServiceConfigPath If the key does not exist then create it. 1. Open Registry Editor 2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CCH\TeamMate 3. Right click and select New String Value 4. Enter the path to the Folder containing the service configuration file. Do not put the full path to the file. Example:
14
December 2010
I Once the service configuration file is in place then EWP needs to be configured for the connection to the database.
Connection to a Global (Centralized) Database

1. Launch EWP 2. In the TeamMate Explorer window right click on one of the existing tabs and select Insert Location Tab 3. Give the Tab a Location Name (ex My Database) 4. Under Database Location select Centralized (SQL or Oracle) 5. Browse for the connection file (dbconnect.tmc) created above 6. Choose the desired connection from the Title drop down list 7. Additional Filter Options used to filter the list of projects to reduce the amount of visible projects (this is optional) 8. Change the Service Location to the location from the service.config file. (Note: there can be multiple locations) 9. Click OK to save the new tab 10. When opening the tab in EWP a login prompt should appear
15
December 2010
Connection to a local file share
1. Launch EWP 2. In the TeamMate Explorer window right click on one of the existing tabs and select Insert Location Tab 3. Give the Tab a Location Name (ex My Database) 4. Under Database Location select Distributed (File Share or Off-Line Replica) 5. Choose a folder location on the file system 6. Change the Service Location to the location from the service.config file. (Note: there can be multiple locations) 7. Click OK to save the new tab 8. When opening the tab in EWP a list of projects will appear. If the directory is empty then no projects will show in the list
Data Execution Prevention (DEP)

When using EWP and the TMDBAdmin some instances may occur where Data Execution Prevention (DEP) blocks access to the applications. In these instances the program being blocked must be allowed to execute. Use the following instructions to Disabled DEP for an application. 1. Open System Properties (Start Control Panel System) 2. Go to Advanced Performance Settings 3. Click on Data Execution Prevention 4. Click Turn on DEP for all programs and services except those I select: 5. Add the program to the list 6. Click OK to save 7. A reboot maybe required TeamMate Applications that may need this option set Teammate.exe ParadoxConversionConsole2.exe (used by TeamMate.exe and TMDBAdmin.exe)
16
December 2010
Client applications on server operating systems

When installing EWP on a server operating system some additional settings maybe required. When Internet Explorer Enhance Security Configuration (ESC) is enabled certain errors and warning will occur throughout EWP. To resolve this the following steps must be performed for each user affected. 1. Launch Internet Explorer and go to Internet Options 2. On the security tab highlight Trusted Sites and click Sites 3. Add the following to the Websites list About:security_teammate.exe 4. Save and close Internet Explorer
Other Configuration
TeamMate Registration File (tmreg.ini)
The tmreg.ini file is used to set EWP preferences at the client level. For more information on using this see the following section. Appendix F: EWP Registration File (tmreg.ini)
TeamMate Project Conversion File (conversion.tml)

The conversion.tml file is used to set EWP preferences at the project level. For more information on using this see the following section. Appendix G: EWP Project Conversion File (conversion.tml)
Applications
Setup Administrative User
Once the client configuration has been completed then the process of using the software can begin. The initial login for a new database will be with the TMChampion account. This user can only access TeamAdmin. Use the following instructions to setup an additional administrative account to access other applications in the suite. 1. Launch TeamAdmin 2. In the Open Database Form select Manage 3. Browse for the connection file if not already populated (default location is \Documents\TeamMate\Connect\dbconnect.tmc) 4. Select the connection file and click OK 5. Choose a connection from the Open Database menu 6. Login with tmchampion as the username and champion as the password 7. Change the password when prompted 8. Under User Management select create new user 9. Create a new user following the prompts in the wizard
17
December 2010
10. On the application roles screen give the user administrative access to all application 11. Save the user At this point the user should be able to login to any application.
Database Connections
The steps for opening a database are the same for all client applications (except EWP which was described previously). After launching the application: 1. In the Open Database Form select Manage 2. Browse for the connection file if not already populated (default location is \Documents\TeamMate\Connect\dbconnect.tmc) 3. Select the connection file and click OK 4. Choose a connection from the Open Database menu
Using the TeamMate Software with a Terminal Server

The TeamMate software can be used in conjunction with a terminal server. The two supported options are Microsoft Terminal Server and Citrix Presentation Server. The installation of the software is the same as with a standard client installation. The configuration varies depending on preferences, environment, and solution. The configuration options that change primarily surround the location of the configuration files. Many clients choose to place the configuration files in a centralized location so all users have the same setup / settings. The following files are normally centralized when using terminal servers: 4. Database Connection File (dbconnect.tmc) 5. EWP Registration File (tmreg.ini) see Appendix F: EWP Registration File (tmreg.ini) 6. EWP Conversion Template (conversion.tml) see Appendix G: EWP Project Conversion File (conversion.tml)
Microsoft Terminal Server

Additional configuration for Microsoft Terminal Server is not required for a standard installation. Some items that can be modified to improve performance and usability include the screen resolution, bit depth, and compression.
Citrix Presentation Server

Once the applications are installed and configured then the applications should be published to the end user. The user will require permission to the program files and data directories on the server.
Considerations
18
December 2010
Temporary File Locations (Temp Files) the temp files location should be set to a location on the Citrix server. Most often the C:\ drive in a Citrix session is pointing back to the clients local machine. If the temporary files directory for EWP is pointing to this location then performance will be reduced significantly. Bit Depth the bit depth can be reduced to assist in performance over slower connections. Note this does reduce the overall quality of the interface. Publish the individual applications in lieu of the launch pad. This will reduce memory usage across multiple users and help control application usage.
Resetting Profiles
When using terminal servers the option to reset user profiles is popular. While this locks down the environment and ensures that the user has the same settings each time they enter the application this can cause other issues. Some of the settings for the applications are profile based, which when reset at each logoff, force the user to make certain changes every time they log in. This can also reset any fixes that may be applied by the user. The recommendation here would be to have a default base profile and have users inherit from this profile every time they log in to the session. This would allow changes made to the base profile to be propagated to the users the next time they log in.
Security
Security for terminal servers lies with the end user. The connection between the client and the terminal server should be encrypted if using on a Wide Area Network (WAN).
Other Considerations
Windows Presentation Foundation (WPF) any inconsistencies with EWP and the Risks and Controls viewer can be addressed by modifying the hardware acceleration settings for the session. This is a known limitation with WPF and terminal service sessions / virtualization.
19
December 2010
Appendix A: Configuration Check List

Use this checklist to assist in configuring the TeamMate Suite. The first two steps must be complete prior to continuing. Once a configuration model has been chosen then proceed to that model and complete all required steps. Only one of the models should be used.
Prerequisites Met Client Software Installed Server Software Installed (optional) Tools Installed Database(s) setup and configured (includes EWP Projects and Templates) Local Administrative Access to Web Server and Client Machines
Determine Options (Critical) WorkPaper Storage Location (Inside / Outside Database) Determine Configuration Option
Centralized Configuration (EWP Projects in Global Database - Using all applications) - Recommended Web Server 1 2 3 4 5 Setup Authentication Set Database Connection(s) (connection file location) Modify IIS Configuration (Application pools) Configure Web Settings (Settings.config) Configure TeamMateServices Client 1 2 3 4 5 Set Database Connection(s) (connection file location) Set Service Configuration (service configuration file) Configure EWP \ Tabs Setup Unattended Console SMTP Settings (TeamAdmin) Set up Launch Pad links
20
December 2010
Centralized Configuration (EWP Projects in Global Database - no web applications - Using Windows Services) Services 1 Configure TeamMate Services as a Windows Service Client 1 2 3 4 Set Database Connection(s) (connection file location) Set Service Configuration (service configuration file) Configure EWP \ Tabs Setup Unattended Console SMTP Settings (TeamAdmin)
Decentralized Configuration (EWP Stand Alone Projects and Centralized Database for Other Applications Including Web Applications) Web Server 1 2 3 4 5 Setup Authentication Set Database Connection(s) (connection file location) Modify IIS Configuration (Application pools) Configure Web Settings (Settings.config) Configure TeamMateServices Client 1 2 3 4 5 Set Database Connection(s) (connection file location) Set Service Configuration (service configuration file) Configure EWP \ Tabs (Tabs pointing to file share / local disk) Setup Unattended Console SMTP Settings (TeamAdmin) Set up Launch Pad links
Decentralized Configuration (EWP Stand Alone Projects and Centralized Database for Other Applications Excluding Web Applications - Using Windows Services) Services 1 Configure TeamMate Services as a Windows Service Client
21
CCH TeamMate Suite Configuration Guide 1 2 Set Database Connection(s) (connection file location) Configure EWP \ Tabs (Tabs pointing to file share / local disk)
December 2010
Decentralized Configuration (EWP Stand Alone Projects and Centralized Database for Other Applications Excluding Web Applications - No Services) Client 1 2 Set Database Connection(s) (connection file location) Configure EWP \ Tabs (Tabs pointing to file share / local disk)
Decentralized Configuration (EWP Stand Along Projects only - no centralized database or other applications used) Client 1 Set Database Connection(s) (connection file location) Note: A local database (access) will be required for storing templates to create projects from 2 Configure EWP \ Tabs (Tabs pointing to file share / local disk)
22
December 2010
Appendix B: Using the Unattended Console

The Unattended Console generates email automatically based on user settings. The setup involves 2 steps. The first step must be performed with TeamAdmin. In the second step the Unattended Console application is configured to run on the web server based on a user defined schedule. The email configuration should only be done after the database connection has been setup to point to the new / converted database. Email notifications are database dependent and must be configured per database.
SMTP Server Configuration

Refer to the TeamAdmin help manual for information on setting up the SMTP Server in the database using Team Admin. Proceed to the next step only after the SMTP configuration is complete.
Unattended Console Configuration

The Unattended console (UAC) is an application that runs on the web server. The UAC is called via a scheduled task and queries the database for any emails waiting to be sent. The emails are then sent via SMTP to the end users. The following steps detail the configuration of the Unattended Console.
Modify the Application Configuration File

1. Open TeamMate.UnattendedConsole.exe.config with a text editor (Notepad). The installation location by default is \Program Files\TeamMate\bin\ 2. Verify the location of the database connection file (DBconnect.tmc). a. Locate the appSettings section b. The TmcPath must point to the correct location. If the server was installed to the default location this will not require modification. c. Make any changes necessary and save the file.
<appSettings> <add key="AppLogName" value="UnattendedConsole" /> <add key="TmcPath" value="C:\Program Files\TeamMate\Connect\DBConnect.tmc" /> <add key="ClientSettingsProvider.ServiceUri" value="" /> </appSettings>
23
December 2010
Running the console for the first time

To run the application for the first time and load the plug-ins use the following instructions. 1. Open a command prompt (Start Run Type CMD and click OK) 2. Change directories to the directory that contains TeamMate.UnattendedConsole.exe (default is C:\Program Files\TeamMate\bin). 3. Enter the following command to load all plug-ins. To load a specific plug-in (Team Central for example) replace the 0 in the command below with the plug-in ID of the application to load. See the tables below for available plug-in IDs. TeamMate.UnattendedConsole.exe /p:0 4. Any error messages will appear in red. Error messages that refer to email templates not being setup correctly can be ignored for the purpose of installation. After the console is setup all templates that are going to be used should be configured prior to using the application. See the TeamAdmin help manual for details.
Setting up a scheduled Task

The UAC can run as often as desired. To run the UAC the preferred method is via scheduled tasks. One or more tasks can be created and configured separately. For example a user may want a task to run and send Team Central emails daily while Tec emails should only be sent weekly. The scheduled task will require a user account to function. This account can be a local or domain account and be a member of the Users group on the web server itself in order to function properly. No additional permissions are needed. This account should be setup and ready prior to proceeding. Use the instructions below to setup a scheduled task. 1. Go to Start Settings Control Panel Scheduled Tasks Add a Scheduled task 2. Click next and then browse to the TeamMate.UnattendedConsole.exe file (default location is C:\Program Files\TeamMate\bin) and then click open 3. Choose the interval at which this task should run and click next 4. Choose the start time at which this task should run and click next 5. Enter the User Account credentials to be used for this scheduled task and click next 6. Check the box to open advanced properties and click finish 7. Here one can modify the schedule and configuration options for the task. For a list of all configuration options available see the following sections.
24
December 2010
Configuration Options
The proceeding tables provide information for configuring the scheduled tasks to be used with the UAC. The following command line switches are used in conjunction with the scheduled task. Command Line Switch /TemplateID:<int> /ExecuteAll[+|-] /TmcPath:<string> Short form /t:<Template ID> /all /tmc:<TMC file path> /p:<Plugin ID> /c:<Connection Title> Description Email Template Identifier, this parameter supports multiple values. Execute All Plugins. Default value: File path for Tmc config file. Default value:C:\Program Files\TeamMate\Connect\dbconnect.tmc.. Plugin Identifier. Default value: 0 Tmc Connection Title. Default value: teammate. Help
/PluginID:<int> /ConnectionTitle:<string> /?
The following table lists the available email plug-ins (PluginID) and associated plug-in IDs. Plugin ID 0 1 4 10 11 12 Description (Type of plugin) Run all plugins Email Queue Resender TeamRisk TeamMate Tec TeamCentral TeamSchedule Command Line Example TeamMate.UnattendedConsole.exe /p:0 TeamMate.UnattendedConsole.exe /p:1 TeamMate.UnattendedConsole.exe /p:4 TeamMate.UnattendedConsole.exe /p:10 TeamMate.UnattendedConsole.exe /p:11 TeamMate.UnattendedConsole.exe /p:12
25
December 2010
The following table lists the available email templates (Template IDs) and the associated application.
Template ID Description Application
3 4 5 6 7 8 9 10 11 12 13 14 15 17 18 19 20 21 23 24
Timesheet Overdue Risk Assessment Invitation Risk Assessment Submission Risk Assessment Completion Time sheet Rejected Expense Sheet Rejected Status Update Reminder Status Update Submission Implementation Reminder Implementation Action Submission New User Account Created (Team Central) Password Reset Notification Comment Notification Recommendation Implementation Ready for Approval Recommendation Implementation Rejected Recommendation Reopened Status Update Overdue Recommendation Implementation Overdue Status Update submission with a date revision Assignments Changed
TeamMate Tec Team Risk Team Risk Team Risk TeamMate Tec TeamMate Tec TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamCentral TeamSchedule
An example of Command Line Statement placed in the Run Section of the Scheduled Task is below. This line runs all plugins (/p:0) and uses the connection title sql1 from the tmc file.
"C:\Program Files\TeamMate\bin\TeamMate.UnattendedConsole.exe" /p:0 /c:sql1
If the connection title has a space in the name then place the title in quotes as shown below.
"C:\Program Files\TeamMate\bin\TeamMate.UnattendedConsole.exe" /p:0 /c:my sql1
26
December 2010
Appendix C: Load Balancing

The TeamMate Server applications are supported for load balanced environments also known as a web farm. The configuration needed will be based on the type of load balancing that is being setup and how the session state is configured.
Persistent
If a persistence based load balancing system is used the session state will be stored locally to each server as the user is directed back to the same server for the life of the session. In this scenario the application will need to be installed to each of the servers in the farm. All servers should be setup identically to avoid confusion to the users and ensure the applications function as expected. This includes database (DBconnect.tmc) and application(web.config) configuration files.
Non-Persistent
If a non-persistence load balancing system is used then the session state must be stored on a state server. A state server can be another physical server or a SQL Database. This setup requires additional configuration in addition to a persistence setup. The settings for the session state are located in the web.config file for each application. Open the web.config file and find the following section. Note there will be more lines in this section than are shown here. Default Configuration <system.web> <sessionState mode="InProc" cookieless="false" timeout="30"/> </system.web> State Server Configuration An example of a state server configuration is shown below: <system.web> <sessionState mode="StateServer" stateConnectionString="tcpip=dataserver:42424" cookieless="false" timeout="30"/> </system.web> SQL Server Configuration An example of a SQL Server configuration is shown below: <system.web> <sessionState mode="SQLServer" sqlConnectionString="datasource=127.0.0.1;user id=<username>;password=<password>" cookieless="false" timeout="30"/> </system.web>
27
December 2010
Appendix D: Windows Authentication

Integrated Authentication (windows authentication) allows users to enter the application (web or client) directly without logging in. Use the following instructions to configure windows authentication for the client and server. Key Points The client and server can be configured separately where one uses Windows authentication and the other uses another form of authentication Windows requires the DOMAIN\username syntax for the TeamMate loginname when using windows authentication.
Client
To setup windows authentication for the client applications refer to the TeamAdmin user manual. Once the policy is set to use Windows Authentication all of the client applications will utilize this setting.
Web Server
Use the instructions found in How to change authentication to switch to windows authentication. Once this is done an additional step must be taken to improve performance of the application. 1. Open IIS Manager 2. Go to each of the applications (TeamCentral, TeamRisk, TeamSchedule, TEC, and TeamMateServices) and select properties 3. Turn off anonymous access to the application and subdirectories 4. Setup NTFS permissions for the user on the folders a. Refer to the Installation Guide for NTFS permission requirements b. Create or use an existing Security Group (domain or local) c. Add the group to each of the NTFS folders and set the required permissions d. Add any users who will be accessing the websites 5. Reset IIS
Appendix E: LDAP Authentication

This section describes how to configure the applications for use with LDAP. LDAP can only be used with the Web Applications LDAP authentication can be performed in one of two ways with each being highly configurable in order to adapt to the demands of LDAP environments. To configure the applications for LDAP the Settings.config file must be modified. (Note: The location for the settings file is \wwwroot\TeamCentral\Settings.config) The first way of authentication is what is termed as a known user or three step approaches while the second is termed the direct approach. The known user approach is essentially a three (3) step approach that is a best practice and applicable for environments that require a greater measure of security. The direct approach is relatively less secure, but also easier to implement and less network intensive.
28
December 2010
NOTE: All configuration settings are optional beyond the LDAP path (server configuration setting) described in the following section. Additional configuration settings are provided to adapt to the various LDAP environments in which the applications may be deployed and to provide the highest degree of flexibility. Finally, some optimal configuration settings may be dependent on the usage of another setting; however, these dependencies are documented in the sample LDAP configuration file deployed with the applications and the following section. Known User Approach The known user approach requires working with the LDAP administrator(s) to establish a known user that the applications will use for its initial connection to the LDAP repository. This account will be placed in the Settings.config file. An authentication session will consist of the application connecting to the LDAP store as this known user, retrieving the distinguished name of the user being authenticated based on their simple account name entered at the login screen and then attempting to bind with the LDAP retrieved fully distinguished name of the user and the associated password, also entered by the user at the login screen. This approach will only allow the session to occur with the known user which is beneficial for security and tracing of LDAP activity to the applications. The "known user approach" consists of three steps and the following transactional details and configuration options.
Step 1
Binding to the LDAP server as a pre-configured known application user The purpose of this step is to only allow known users to initially access the system as well as to allow tracing of TeamCentral activity. Note: The key parameters for this bind are the LDAP_PATH which specifies the target LDAP server and optional BASE_DN, which is appended to the LDAP_PATH to specify a specific object in the LDAP hierarchy to perform the bind. In addition, the APPLICATION_USERNAME and APPLICATION_PASSWORD are the known user credentials used for this bind and are used to identify this application. These known user credentials are supplied by the LDAP administrators. The presence of the application username and password are the determining factors for whether known user approach is used. Lastly, the final parameter key that may be used for this portion of the approaches transaction is the type of authentication mode used for the bind, key of AUTHENTICATIONTYPE. Typically this is either SECURE (a value of 1) for Microsoft AD environments or NONE (a value of 0) for all others. There are exceptions for these authentication mode values and these are addressed below. Note that if the active directory is targeted, the APPLICATION_USERNAME must be preceded by the associated domain name (domain\username). Member Name Anonymous Description No authentication is performed. The providers may attempt to bind a client as an anonymous user to the targeted object. The WinNT provider does not support this flag. Active Directory establishes a connection between the client and the targeted object, but does not perform any authentication. Setting this flag amounts to requesting an unsecured binding, which means "Everyone" as the security context. Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains. Value 16
Delegation
256
29
CCH TeamMate Suite Configuration Guide Encryption FastBind Forces ADSI to use encryption for data that is being exchanged over the network.
December 2010 2 32
ADSI does not attempt to query the Active Directory objectClass property and thus only exposes the base interfaces supported by all ADSI objects instead of the full object support. A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. However, ADSI does not verify if any of the request objects actually exist on the server. For more information, see "Fast Binding Options for Batch Write/Modify Operations" in the Active Directory Programmer's Guide. Equates to a null reference (Nothing in Visual Basic). For a WinNT provider, ADSI tries to connect to a primary domain controller (PDC) or a backup domain controller (BDC). For Active Directory, this flag indicates that a writable server is not required for a serverless binding. Encrypts data using Kerberos. The Secure flag must also be set to use sealing. Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption. If the ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic. Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.
None ReadonlyServer
0 4
Sealing Secure
128 1
SecureSocketsLayer
ServerBind
512
Signing
64
Step 2
30
December 2010
Performing a filter search using the users supplied username at the login page and configurable attribute name to retrieve the users distinguished name. The purpose of this step is to allow a user to enter a simple account name and for the system to retrieve the association fully distinguished name for actual user authentication. This frees the user of the burden of remembering and keying in the complex and length and distinguished name. As an option, configurations allow for supplying a domain for all users (domain@useraccount) or in the absence of this domain name, having the user supply their domain name in the event the users may span multiple domains which is typical for larger corporate environments. If the domain is specified, it will be added to the user supplied username (domain@username). Note: The key parameters applicable to this step are FILTER_ATTRIBUTE (i.e. uid) and DN_ATTRIBUTE (i.e. dn). As an example, a filter using the above parameters would perform a filter search of uid=<username_supplied_by_user> and return an attribute by the name of dn, which holds the distinguished name value. Optionally, SEARCH_SCOPE and REFERRAL_CHASING are available to provide greater flexibility and are described in detail below. Search scope options are: Base - Limits the search to the base object. The result contains at most one object (value="0"). OneLevel - Searches one level of the immediate children, excluding the base object (value="1"). Subtree - Searches the whole subtree, including all children and the base object itself. This is the default (value="2"). All - Chase referrals of either the subordinate or external type (value="0"). External - Chase external referrals. This is the default (value="1"). None - Never chase the referred-to server. Setting this option prevents a client from contacting other servers in a referral process (value="2"). Subordinate - Chase only subordinate referrals which are a subordinate naming context in a directory tree. The ADSI LDAP provider always turns off this flag for paged searches (value="3").
Referral chasing options are:
Step 3
Binding to the LDAP store using the users distinguished name and supplied password. This is the actual authentication of the user being authenticated with the LDAP system retrieved distinguished name and the password supplied by the user at the login page. Note: Once the distinguished name is gathered, it along with the corresponding password supplied by the user are used to bind to the LDAP store to perform the actual authentication test. The object bound to in LDAP is either the LDAP_PATH, or LDAP_PATH with the BASE_DN appended. The bound object is determined using configurable key parameters of USE_BASEDN_FOR_AUTHENTICATION_BIND to have the BASE_DN value appended to the LDAP_PATH or if both of these are 0 or omitted, the LDAP_PATH value will be used. USE_BASEDN_FOR_AUTHENTICATION_BIND takes precedence over USE_DN_FOR_AUTHENTICATION_BIND if both are set to 1 (enabled). The USE_DN_FOR_AUTHENTICATION_BIND is only applicable to the "direct approach" as documented below. The same authentication type used for the application user bind is in effect for this bind. If the bind is successful, then the user is authenticated.
31
December 2010
Direct Approach
This authentication approach is provided for backward compatibility with previous versions of TeamCentral and in the event such an approach is more suitable. Essentially, this step consists of step 3 of the "known user approach" described above with the exceptions that the username and password values the user supplies on the login form are used for the bind to the LDAP repository. Note: If LDAP_DOMAIN is specified, this domain is appended to the username for the authentication bind (domain@username). This would prevent users that all exist in the same AD domain from having to specify the domain in addition to their username at login. Domain names are only applicable for Microsoft AD environments.
General
Consult the LDAP configuration sample provided with the TeamCentral installation in the ConfigurationFiles directory for a sample configuration and corresponding annotations of the various configuration settings applicable to the LDAP authentication. All configuration settings are placed in the Settings.config file. The Settings.config file options sections for specifics regarding this file and its file system location(s). In the event that more than one LDAP system is to be used for TeamCentral LDAP authentication, this scenario is supported by supplying up to 10 different systems and associated configuration settings in the Settings.config file.
<add key="LDAP_PATH_1" value="LDAP://server:port/base_dn" /> <add key="LDAP_DOMAIN_1" value="domainname" /> <add key="LDAP_PATH_2" value="LDAP://server:port/base_dn" /> <add key="LDAP_DOMAIN_2" value="domainname" />
... etc., up to 10 sets of LDAP system settings. The same principle holds for all the LDAP configurations (i.e. BASE_DN_1) to allow complete flexibility across a collection of LDAP repositories. Note: The settings (i.e. LDAP_PATH_x) must be in sequence 1 through 10. If there are any gaps in the numbers, TeamCentral will stop checking at the gap. For instance if there is an LDAP_PATH_1, LDAP_PATH_2, and LDAP_PATH_5, TeamCentral will stop checking after LDAP_PATH_2. Post LDAP authentication Important: Once successful authentication is performed on the LDAP store, a second level of authentication is performed on the configured TeamMate database, for either the direct or known user approach. If in an AD environment is in use and users enter their domain and username on the login form, this value must exist in the TeamMate database in this form (domain/username) to pass the TeamMate database authentication test. If the account is inactive in the database or the system policy is to disallow client access and the database lists the authenticated user as a client (a.k.a. contact) then an appropriate message will be displayed on the login page informing the user of this situation and subsequently disallowing entry into the application.
Appendix F: TeamMate Registration File (tmreg.ini)

TmReg.exe is a registration utility that will configure the current users registry settings for TeamMate.exe (EWP). When executed, it will read the contents of a custom configuration file (tmreg.ini) and register the contents in the registry. TmReg.exe is located in the bin directory of the client installation.
32
December 2010
TmReg.ini is primarily used to customize the HKCU registry for file default locations (paths) and TeamMate Explorer path settings. The TmReg.ini must be in the \Bin directory with the TmReg.exe program. TmReg.ini can also be used to customize other registry string entries that are stored in HKCU. Recommend Process (steps detailed in following sections) 1. Setup one PCs TeamMate Preferences and TeamMate Explorer Tabs 2. Run tmreg.exe and create configuration file 3. Edit the tmreg.ini file with a text editor 4. Distribute the tmreg.ini file to your users. 5. Apply the configuration file
Creating the configuration file

There are two options for creating the configuration file.
Create Manually
1. Create a new text file 2. Rename the file to tmreg.ini 3. Add desired settings 4. Save the file 5. Copy the file to the Program Files\TeamMate\bin folder
33
December 2010
Create from Existing Settings

1. Setup an existing installation with desired settings (tabs, locations ,etc) 2. Launch TmReg.exe from the Program Files\TeamMate\bin folder 3. Go To File Save Custom Registry 4. Choose the Program Files\TeamMate\bin folder
Specifying Numeric Values

For registry values where the data type is REG_DWORD then the values must be handled by placing the tag <numeric> immediately preceding the value to be set ensure that no spaces are used. For example, to set the auto save setting to 10 minutes the following will work:
[Preferences] AutoSaveMinutes=<numeric>10
Specifying Special Folders

In many cases, however, the administrator wants to setup the preference to a special folder that is dependent on the users login. The most common and natural ones are My Documents and Program Files. Two additional tags supported are now <My Documents> and <Programs> but make sure no spaces are used after these tags as sub-directories can be added with an opening \ required. For example, the following would be very common:
[Paths] BasePath=<Programs>\TeamMate BinPath=<Programs>\TeamMate\bin LibPath=<Programs>\TeamMate\lib TemplatePath=<Programs>\TeamMate\Templates CustomTemplatePath=<Programs>\TeamMate\Templates\custom ReportPath=<Programs>\TeamMate\reports StorePath=<Programs>\TeamMate\stores RepositoryPath=<Programs>\TeamMate\Repositories TransferPath=<My Documents>\TeamMate\transport MasterPath=<My Documents>\TeamMate\data ReplicaPath=<My Documents>\TeamMate\repl BackupPath=<My Documents>\TeamMate\backup ImportPath=<My Documents>\TeamMate\Import
In this example, it is likely that the paths would be set in the registry as:
34
CCH TeamMate Suite Configuration Guide BasePath=C:\Program Files\TeamMate
December 2010
MasterPath=C:\Document and Settings\username\My Documents\TeamMate\data If the re-register flag is set or the user manually calls Load Configuration from tmreg.exe, the process occurs regardless of the version. This is the same as before.
Note: With Windows Vista TmReg.exe must be launched as an administrator
5. Save 6. Open the file and modify settings as needed (policy version, etc)
Example tmreg.ini file

;HEADER: EWP Registration Tool (vR7.1) - Tue Jul 07 08:56:55 2009 ;HEADER: Created by TmReg.exe
[CONTROL] VERSION=2 RESETEXPLORER=1
[AutoText] 1=<Initials>, <ShortDate> 2=<Initials>, <LongDate> 3=<FullName>, <ShortDate> 4=<FullName>, <LongDate> 5=<Time>
[DATABASE] NoUnc=<numeric>1
[Explorer Tabs] Master=C:\Documents and Settings\Teammate\My Documents\TeamMate\data|0||||| MSSQLServerDatabase=|1|C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect\dbconnect.tmc|Latest_Sample_SqlServer||TS|0;0;0;~;0; OracleDatabase=|1|C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect\dbconnect.tmc|Latest_Sample_Oracle||TS|0;0;0;~;0; Local=C:\Documents and Settings\Teammate\My Documents\TeamMate\repl|0|||||
[Help] HelpPath=c:\Program Files\TeamMate\help
[HTML] AutoFormatHTML=<numeric>1 DefaultPaste=<numeric>1
35
December 2010
[MRU] RepositoryHTTPConnectionTitle=Latest_Blank_SqlServer CentralSendOption=<numeric>0 MaximizedMode=<numeric>1
[Paths] ConnectPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect BasePath=c:\Program Files\TeamMate BinPath=c:\Program Files\TeamMate\bin LibPath=c:\Program Files\TeamMate\lib TemplatePath=c:\Program Files\TeamMate\Templates CustomTemplatePath=c:\Program Files\TeamMate\Templates\custom ReportPath=c:\Program Files\TeamMate\reports TransferPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\transport MasterPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\data ReplicaPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\repl BackupPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\backup ImportPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Import StorePath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect HTTP_TEAMCENTRAL=http:\\MyWebSever\TeamCentral HTTP_TEAMSCHEDULE=http:\\MyWebSever\TeamSchedule HTTP_TEC=http:\\MyWebSever\Tec HTTP_TEAMRISK=http:\\MyWebSever\TeamRisk
[Preferences] LockTimeOut=<numeric>200000 AutoSaveMinutes=<numeric>5 StatusBar=<numeric>0
[Fonts] TextField=-13,0,0,0,400,0,0,0,0,3,2,1,34,Arial
36
December 2010
Configuration File Sections

[CONTROL] VERSION=1 RESETEXPLORER=1 Version specifies the version of the registry for comparison. If the number of the version in the .ini file is greater than the version in the registry, then the settings in this .ini file will be applied to the registry by TeamMate (EWP) when TeamMate is run. If the version in the file is less than or equal to the registry value then no changes are made. Reset Explorer specifies if the current Explorer tabs are replaced or added to. If ResetExplorer = 1 then the tabs are replaced. If ResetExplorer = 0 then the tabs specified in the configuration file are added to the tabs in EWP. The version setting is stored in the following registry key:
HKEY_CURRENT_USER\Software\CCH\EWP\TeamMate\RegVersion
[Help] GuidanceFile=H:\TeamMate\Help\xxx TeamMate Protocol.doc This sets the Local Guidance Location. [Fonts] TextField=-13,0,0,0,400,0,0,0,0,3,2,1,34,Arial This sets the default font in user populated windows. [AutoText] 1=Effective. 2=Adequate - Effectiveness Tests Performed. 3=Ineffective - No Substantive Tests Performed. 4=Ineffective - Substantive Tests Performed. 5=Inadequate - Substantive Tests Performed. 6=Adequate - No Effectiveness Tests Performed. 7=Inadequate - No Effectiveness Tests Performed. 8=<Initials>, <ShortDate> 9=<Initials>, <LongDate> 10=<FullName>, <ShortDate> 11=<FullName>, <LongDate>
37
CCH TeamMate Suite Configuration Guide 12=<Time> This sets the auto text that can be used in TeamMate fields. [MRU] RepositoryHTTPConnectionTitle=Latest_Blank_SqlServer
December 2010
This sets the default connection title to use when sending to TeamCentral. This has the effect of prepopulating this field in the send Wizard in the TeamMate Project File. Note this option is only used in a distributed model.
Note: The file above had additional fields added to it. When creating a file from the existing registry values the following sections are exported. Paths Explorer Tabs Preferences AutoText Colors Fonts Grouping Help
Manually Applying the configuration file

1. Ensure EWP is closed 2. Open TmReg.ini from Program Files\TeamMate\bin 3. Select File Load Custom Registry 4. Browse for the updated INI file 5. Click Open to apply the settings 6. Launch EWP the new settings should be visible
Automatically apply the configuration file

When TeamMate.exe is launched the Program Files\TeamMate\bin folder is scanned for the tmreg.ini file. If found, TeamMate checks for the [CONTROL] section and if found begins the version comparison process. Once this process is complete, TeamMate.exe loads with the most current registry settings.
38
December 2010
See Configuration File Sections for more information surrounding the versioning process.
Appendix G: EWP Project Conversion File (conversion.tml)

The conversion.tml file is used with distributed EWP projects only. Projects that are centralized are managed within the centralized database. With R9 the conversion.tml has two format options (INI and XML). The INI format is not compatible with new R9 features. It can only be used for conversion. The XML format is the new standard and can be used to modify existing R9 projects as well as converting prior projects.
Converting existing projects

When converting R8 projects no changes will be made to the project based on the conversion.tml file. When converting R7 projects to R9 the conversion.tml file settings will be automatically applied if no prior registry setting for converting projects is set.
Converting Exception Tabs (R7 Projects Only)

One of the most complex issues of converting R7 projects is how to handle the configurable exception tabs that are present. In R8 and R9, the auditor "recommendation" and "contact" response are key data elements that are handled in the suite. When converting a project, TeamMate looks for the following registry key.
HKEY_CURRENT_USER\Software\CCH\EWP\DATABASE\ConversionMap
If the registry key is found then that value is used for conversion. If the registry key is not found then TeamMate will search the conversion.tml file for the following section.
[CONVERSION] RECOMMENDATION=1 RESPONSE=2 NO_PROMPT=1
The above indicates to TeamMate that the "recommendation" tab from the auditor was the first tab on the bottom of the TeamMate R7 form and that "response" from the client (contact) tab was the 2nd tab of the bottom of the form. To prevent the user from being prompted for this choice during the conversion process the "NO_PROMPT=1" option has been set. To allow the user to still be prompted, change "NO_PROMPT" to a value of "0". If the [CONVERSION] section is not in the conversion.tml file (or the file is not present) the user will be prompted with a dialog box as to how they want to have the conversion do the mapping. Their selections will then be stored in their Windows registry and will be the default for the next project converted.
39
December 2010
Implementing New Categories

In order to implement new category selections on all projects, edit the conversion.tml file with values as in the following example. The sort order must be incremented for each category section. <Categories> <Category Type="ProjectGroups"> <Items> <Item> <Value>ProjectGroup1</Value> <SortOrder>1</SortOrder> </Item> <Item> <Value>ProjectGroup2</Value> <SortOrder>2</SortOrder> </Item> </Items> </Category> </Categories>
Implementing New Terminology Labels

Project terminology labels can be controlled through the use of this file. Terminology labels listed in the file can be hidden and edited. The Name of the Terminology items is required along with the value and whether or not it is hidden from view in the application. <TerminologyItems> <TerminologyItem Name="ProjectObjective"> <Value>ObjectiveText</Value> <Hidden>0</Hidden> </TerminologyItem> </TerminologyItems>
Implementing New Policies

The following section describes the policies that can be modified with the user of the conversion.tml file. The syntax is displayed below. <Policies> <Policy ID="100">1</Policy> </Policies>
40
December 2010
The following table lists all available policies for use with the conversion.tml file.
ID 100 101 200 201 202 203 204 205 300 301 302 303 304 305 400 401 402 403 404 405 406 407 408 409 410 500 501 502 Policy Type Team Team Freeze Policies Freeze Policies Freeze Policies Freeze Policies Freeze Policies Freeze Policies Signoff Policies Signoff Policies Signoff Policies Signoff Policies Signoff Policies Signoff Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Finalization Policies Lock Policies Lock Policies Lock Policies Policy TM_Team_Include TM_Team_NoAdmin TM_Freeze_Terminology TM_Freeze_Categories TM_Freeze_Advanced TM_Freeze_Custom TM_Freeze_AutoBackup TM_Freeze_Profile TM_Signoff_ResetEdit TM_Signoff_NoDelete TM_Signoff_PrepareFirst TM_Signoff_ReviewDiff TM_Signoff_ResetPrepare TM_Signoff_BatchSignoff TM_Finalize_Restrict TM_Finalize_HaltEX TM_Finalize_HaltPS TM_Finalize_HaltWP TM_Finalize_HaltProcedure TM_Finalize_HaltProcedure_Prep TM_Finalize_RetainNote TM_Finalize_RetainHistory TM_Finalize_SendCentral TM_Finalize_ReplicaNoFinal TM_Finalize_NoUnfinalize TM_Lock_Global TM_Lock_Project TM_Lock_Reencrypt Description Include team members in library file Restrict adding of administrator in projects Freeze terminolog policies Freeze all categories Freeze all advanced properties Freeze all custom property names Freeze auto backup settings Restrict profile editing to Project Owner, Manager, or Lead Reset state when an item is edited by same member as last signoff Do not delete edits within signoff history upon signoff Restrict reviewer signoff until item has been prepared Restrict team members from being the last preparer and reviewer on an item Reset state to prepared when edited since review and item is prepared again Allow batch signoff of work papers Restrict finalization process only to Admin, Manager, and Lead Force HALT for exceptions not reviewed Force HALT for programs not reviewed Force HALT for work papers not reviewed Force HALT for procedures not reviewed Force HALT for procedures not reviewed or prepared Force retention of coaching notes Force retention of complete edit history Restrict send to TeamCentral until finalization complete (Distributed only) Restrict finalization if replicas are outstanding Restrict ability to un-finalize Prohibit changes to these policies by an administrator in the created projects (project lock) Prohibit changes to these policies in any subsequent library (global lock) Force re-encryption of created projects with a unique encryption key
41

ID 600 601 603 604 605 606 607 620 621 622 623 700 701 702 703 704 705 800 801 802 803 Policy Type General Policies General Policies General Policies General Policies General Policies General Policies General Policies Security Policies Security Policies Report Import Restrict discard replica Integration Policies Integration Policies Integration Policies Integration Policies Integration Policies Integration Policies WorkFlow Policies WorkFlow Policies WorkFlow Policies WorkFlow Policies Policy TM_General_HideScorecard TM_General_AutoCalcCost TM_General_NoProjectCustom TM_General_NoEncrypt3rd TM_General_Milestones TM_General_PDF_TeamImage TM_General_NoProjectRisk TM_Security_WindowsAuth TM_Security_RestrictSaveLib TM_Security_ReportImport TM_Security_ReplicaDiscard TM_Integration_OnlyAdminAddTeam TM_Integration_NoPrjCreate TM_Integration_PlanReadOnly TM_Integration_CostReadOnly TM_Integration_TrackRecs TM_Integration_OnlyAdminAddContact TM_Workflow_ProcedureEditAssign TM_Workflow_WPEditAssign TM_Workflow_ProcedureAutoAssign TM_Workflow_WPAutoAssign Hide Scorecards
December 2010
Description
Automatically calculate 'tracked' exception costs in Profile Summary Hide Profile Custom Properties Do not encrypt 3rd party documents
Automatically associate imported PDF documents with TeamImage Hide Profile Risks Use Windows Authentication rather than Basic Authentication for login Restrict Save as Library to the Admin, Manager and Lead Allow 360 Report Import by normal users (otherwise restricted to Admin, Manager and Lead)
Restrict adding of team members to those defined within a TeamMate Suite Database Restrict project creation to those planned to the TeamMate Suite Database Restrict Profile editing if created from TeamMate Suite Database Disable Profile actual costs editing when TeamMate TEC is used Recommendations are tracked in TeamCentral Restrict adding contacts to Administrators only Restrict procedure editing based on assignment (work program is not locked) Restrict work paper editing based on assignment Automatically assign added procedures Automatically assign added work papers Authorization model for assignments and editing is based on Project Ownership rather than Role Hierarchy Further restrict editing to assignee only
804 805
WorkFlow Policies WorkFlow Policies
TM_Workflow_Authority_MgrLead TM_Workflow_Edit_Individual
42
December 2010
Sample conversion.tml File (XML format)

<ProjectUpdate Version="9.0.0"> <Name>R8 Conversion Library</Name> <Comments>Sample Conversion.TML File</Comments> <Author>CCH</Author> <UpdateVersion>9</UpdateVersion> <Properties> <EncryptDatabase>1</EncryptDatabase> <EncryptWorkpapers>1</EncryptWorkpapers> </Properties> <Conversion> <RecommendationTab>1</RecommendationTab> <ResponseTab>2</ResponseTab> <PromptUser>1</PromptUser> </Conversion> <ScheduleFolders> <ScheduleFolder Code="AS"> <Title>Audit Summary</Title> <ScheduleFolders> <ScheduleFolder Code="AS1"> <Title>Current Exceptions</Title> </ScheduleFolder> <ScheduleFolder Code="AS2"> <Title>Reports</Title> </ScheduleFolder> <ScheduleFolder Code="AS3"> <Title>Risk Documents</Title> </ScheduleFolder> </ScheduleFolders> </ScheduleFolder> <ScheduleFolder Code="PG"> <Title>Program Groups</Title> <ScheduleFolders /> </ScheduleFolder> </ScheduleFolders> <Tickmarks />
43
CCH TeamMate Suite Configuration Guide <TerminologyItems> <TerminologyItem Name="ProjectObjective"> <Value>Objective-ABCDXZX</Value> <Hidden>0</Hidden> </TerminologyItem> <TerminologyItem Name="ProjectBackground"> <Value>Background-ABCZZZZ</Value> <Hidden>0</Hidden> </TerminologyItem> </TerminologyItems> <Categories> <Category Type="ProjectGroups"> <Items> <Item> <Value>ProjectGroup1</Value> <SortOrder>1</SortOrder> </Item> <Item> <Value>ProjectGroup2</Value> <SortOrder>2</SortOrder> </Item> <Item> <Value>ProjectGroup3</Value> <SortOrder>3</SortOrder> </Item> </Items> </Category> </Categories> <Policies> <Policy ID="100">1</Policy> <Policy ID="700">0</Policy> <Policy ID="701">0</Policy> </Policies> <CustomFields /> </ProjectUpdate>
December 2010
44

TeamMate Configuration Guide

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

TeamMate Configuration Guide

Hochgeladen von

Copyright:

Verfügbare Formate

TeamMate Suite Configuration Guide

CCH TeamMate Suite Configuration Guide

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Prerequisites Related Documents

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Web Server Configuration Configuration Changes between R8 and R9

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

How to change authentication

Example Contents for Forms authentication

Windows Authentication Setup

LDAP Authentication Setup

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Internet Information Services (IIS)

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

IIS 6 and IIS 7 Differences

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Secure Socket Layer (SSL)

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Multiple Virtual Directories

Services Configuration Type of Services

Windows Service Configuration

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Service Configuration Options

Configuring Service Cache Location

Load Balancing (Web Farm) with Services

Services with External Work Papers Storage

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Services with Multiple Host Headers

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide After:

Configuring Services with Service Configuration Tool

8. Choose the desired Template and click Next

2010 TeamMate Licensing B.V. All rights reserved.

Client Configuration Database Connection

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Connection to a Global (Centralized) Database

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Connection to a local file share

Data Execution Prevention (DEP)

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Client applications on server operating systems

TeamMate Project Conversion File (conversion.tml)

2010 TeamMate Licensing B.V. All rights reserved.

CCH TeamMate Suite Configuration Guide

Using the TeamMate Software with a Terminal Server

Microsoft Terminal Server

Citrix Presentation Server