TeamMate Configuration Guide

TeamMate Suite Configuration Guide: Guidance for technical staff assisting with the implementation of the TeamMate Suite Software. December 2010.


CCH TeamMate Suite Configuration Guide December 2010

© 2010 TeamMate Licensing B.V. All rights reserved.

Table of Contents

INTRODUCTION

PREREQUISITES
    RELATED DOCUMENTS
    REQUIRED TASKS

CONFIGURATION OPTIONS

WEB SERVER CONFIGURATION
        Types of Authentication
        How to change authentication
        Windows Authentication Setup
        LDAP Authentication Setup
    DATABASE CONNECTION
    INTERNET INFORMATION SERVICES (IIS)
        IIS 6 and IIS 7 Differences
    APPLICATION CONFIGURATIONS
        TeamCentral
        TeamRisk
        TeamSchedule
        TEC
        Portal
        Unattended Console
        TeamMate Services
    SECURE SOCKET LAYER (SSL)
    MULTIPLE VIRTUAL DIRECTORIES

SERVICES CONFIGURATION
        Port
        Startup Options
    SERVICE CONFIGURATION OPTIONS
        Configuring Service Cache Location
        Load Balancing (Web Farm) with Services
        Services with External Work Papers Storage
        Services with Multiple Host Headers
    CONFIGURING SERVICES WITH SERVICE CONFIGURATION TOOL

CLIENT CONFIGURATION
    DATABASE CONNECTION
        Centralized Model
        Distributed Model
    SERVICE CONFIGURATION
        Connection to a Global (Centralized) Database
        Connection to a local file share
    DATA EXECUTION PREVENTION (DEP)


    CLIENT APPLICATIONS ON SERVER OPERATING SYSTEMS
    OTHER CONFIGURATION
        TeamMate Registration File (tmreg.ini)
        TeamMate Project Conversion File (conversion.tml)
    APPLICATIONS
        Setup Administrative User
        Database Connections

USING THE TEAMMATE SOFTWARE WITH A TERMINAL SERVER
    MICROSOFT TERMINAL SERVER
    CITRIX PRESENTATION SERVER
        Considerations

APPENDIX A: CONFIGURATION CHECK LIST

APPENDIX B: USING THE UNATTENDED CONSOLE
    SMTP SERVER CONFIGURATION
    UNATTENDED CONSOLE CONFIGURATION
        Modify the Application Configuration File
        Running the console for the first time
        Setting up a scheduled Task
        Configuration Options

APPENDIX C: LOAD BALANCING
    PERSISTENT
    NON-PERSISTENT

APPENDIX D: WINDOWS AUTHENTICATION
    CLIENT
    WEB SERVER

APPENDIX E: LDAP AUTHENTICATION

APPENDIX F: TEAMMATE REGISTRATION FILE (TMREG.INI)
    CREATING THE CONFIGURATION FILE
        Create Manually
        Create from Existing Settings
    SPECIFYING NUMERIC VALUES
    SPECIFYING SPECIAL FOLDERS
    EXAMPLE TMREG.INI FILE
    CONFIGURATION FILE SECTIONS
    MANUALLY APPLYING THE CONFIGURATION FILE
    AUTOMATICALLY APPLY THE CONFIGURATION FILE

APPENDIX G: EWP PROJECT CONVERSION FILE (CONVERSION.TML)




Introduction

The intended audience for this document includes technical staff and TeamMate Champions. This document provides guidance to new and existing users of the TeamMate Suite software on how to set up and configure the TeamMate Suite. The steps in this document should only be carried out by trained IT professionals.

Prerequisites

Related Documents

• Planning for R9 Guide

• TeamMate Suite IT Overview

• Getting Started Guide

• TeamMate Database Guide

• TeamMate Installation Guide

• TeamMate Configuration Guide

Required Tasks

Before continuing, the following items must be complete:

• Client Software installed (see TeamMate Installation Guide, Planning for R9 Guide, and the TeamMate Suite IT Overview)

• Web Server Software installed if using web applications (see TeamMate Installation Guide, Planning for R9 Guide, and the TeamMate Suite IT Overview)

• Tools installation (see the TeamMate Installation Guide)

• Database(s) setup and configured (see Planning for R9, TeamMate Suite IT Overview, and the TeamMate Database Guide for details)

• Local Administrative access to the web server and client machines

Configuration Options

Before continuing, be sure to consult the other related guides to determine which deployment scenario to set up. Appendix A: Configuration Check List contains the most common deployment scenarios at the highest level. Use the check list in conjunction with the sections in this document to complete the TeamMate Suite Configuration.


Web Server Configuration

Configuration Changes between R8 and R9

For R9 many of the settings in the web.config configuration file have been relocated to other files. The diagram below shows the relationship between the R9 configuration files.

1. Authentication type

a. moved from web.config to application root\authentication\current.config

b. specific to each application

2. Application Settings

a. moved from web.config to TeamCentral\Settings.config for all applications

b. single file to store application settings for all applications

c. includes but not limited to

• LDAP configuration

• Portal Settings

• Connection File (dbconnect.tmc) location

• Attachment Exclusion list

• Report Settings

Note: Configuration files from prior versions CANNOT be used.


Load Balancing

The TeamMate Web applications support load balancing. For more information see Appendix C: Load Balancing.

Authentication

The authentication models available include Forms, Windows, and LDAP. The authentication settings were relocated from the web.config file to the current.config file found in the Authentication folder in the root for the application.

Example: \TeamCentral\Authentication\settings.config

Each application can use different forms of authentication although it is recommended to use the same type of authentication for all applications.

Types of Authentication

Forms

Forms Authentication is the default authentication model set when the installation is complete. With this model, the entire authentication process occurs within the application. When the web application is accessed, a default form is presented to the user to enter the login credentials in the form of a username and password. After the credentials are validated against the TeamMate global database the user is allowed to proceed only if the user has a valid role for the web application.

The application when installed defaults to forms authentication so no additional configuration is needed to use forms authentication.

Windows (Integrated)

Windows Authentication authenticates a user based on the standard Windows login. When the user accesses the web application, the logged-in Windows account information is passed to the application for validation against the TeamMate global database. This process is automatic and does not require the user to enter any information into a form on the web page. If the user's Windows account information (ex: Domain\loginname) matches a login name in the database for this application, the user is allowed to continue into the web application (site).

Note: Passwords are ignored for the Windows Authentication Model.

LDAP

Lightweight Directory Access Protocol (LDAP) authentication is similar to the Forms authentication method in that the user must enter a username and password. Where LDAP differs is the authentication process. Once the user enters the login credentials, the information is passed from the web application to the LDAP server for validation. After the user is validated against LDAP, the login credentials are then validated against the TeamMate global database. After the credentials are validated against the TeamMate global database, the user is allowed to proceed only if the user has a valid role for the web application.


How to change authentication

1. Open the desired configuration file (forms.config, windows.config, ldap.config) up with a text editor (Notepad)

2. Select File – Save As

3. Save the file as current.config overwriting the existing file

4. Ensure the NTFS permissions are propagated to the file

5. IIS must be reset for the changes to take effect (Run IISRESET from the command line)

Example contents for Forms authentication

<!-- ==========================================================================
     Forms Authentication Settings
     ========================================================================== -->
<authentication mode="Forms">
    <forms name=".TMCookie"
           loginUrl="Login\LoginPage.aspx"
           enableCrossAppRedirects="true"
           domain=""
           protection="All"
           timeout="80"
           path="/"/>
</authentication>
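A review check for the Forms fragment above, added here as an example (it is not TeamMate code and not part of the original guide). It applies ASP.NET's documented defaults for attributes the fragment omits and lists the cookie settings worth reviewing before the site is exposed; the 30-minute threshold and the second, constructed fragment are assumptions, and the guide does not state which values the TeamMate applications tolerate.

```python
import xml.etree.ElementTree as ET

# Forms fragment as printed in this guide (comment banner shortened).
GUIDE_FORMS_CONFIG = r"""
<!-- Forms Authentication Settings -->
<authentication mode="Forms">
  <forms name=".TMCookie"
         loginUrl="Login\LoginPage.aspx"
         enableCrossAppRedirects="true"
         domain=""
         protection="All"
         timeout="80"
         path="/"/>
</authentication>
"""

# Constructed comparison fragment (assumption: not a TeamMate-supplied file).
REVIEWED_FORMS_CONFIG = r"""
<authentication mode="Forms">
  <forms name=".TMCookie"
         loginUrl="Login\LoginPage.aspx"
         enableCrossAppRedirects="false"
         requireSSL="true"
         cookieless="UseCookies"
         protection="All"
         timeout="20"
         path="/"/>
</authentication>
"""

# ASP.NET defaults that apply when a <forms> element omits the attribute.
ASPNET_DEFAULTS = {
    "requireSSL": "false",
    "cookieless": "UseDeviceProfile",
    "enableCrossAppRedirects": "false",
    "protection": "All",
    "timeout": "30",
}


def audit_forms_authentication(fragment, max_timeout_minutes=30):
    """Return (mode, findings); findings is a list of (attribute, reason).

    max_timeout_minutes is a hypothetical site policy value, not a TeamMate
    or ASP.NET requirement.
    """
    root = ET.fromstring(fragment.strip())
    if root.tag != "authentication":
        raise ValueError("expected an <authentication> root element")
    mode = root.get("mode", "")
    findings = []
    if mode.lower() != "forms":
        return mode, findings  # Windows/LDAP files are outside this check

    attrs = dict(ASPNET_DEFAULTS)
    forms = root.find("forms")
    if forms is not None:
        attrs.update(forms.attrib)

    if attrs["requireSSL"].lower() != "true":
        findings.append(("requireSSL",
                         "cookie is not marked Secure and can travel over plain HTTP"))
    if attrs["cookieless"] != "UseCookies":
        findings.append(("cookieless",
                         "ticket may be carried in the URL for some clients"))
    if attrs["enableCrossAppRedirects"].lower() == "true":
        findings.append(("enableCrossAppRedirects",
                         "ticket may be passed between applications in a query string or form post"))
    if attrs["protection"] != "All":
        findings.append(("protection",
                         "ticket is not both encrypted and validated"))
    try:
        timeout = int(attrs["timeout"])
    except ValueError:
        findings.append(("timeout", "value is not a whole number of minutes"))
    else:
        if timeout > max_timeout_minutes:
            findings.append(("timeout",
                             "%d minutes exceeds the %d-minute review threshold"
                             % (timeout, max_timeout_minutes)))
    return mode, findings


if __name__ == "__main__":
    for label, text in (("guide", GUIDE_FORMS_CONFIG),
                        ("reviewed", REVIEWED_FORMS_CONFIG)):
        mode, findings = audit_forms_authentication(text)
        print(label, mode, "OK" if not findings else "")
        for attribute, reason in findings:
            print("  %s: %s" % (attribute, reason))
```

Run it against each application's current.config, since the guide allows every application to use a different authentication type.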

Windows Authentication Setup

See Appendix D: Windows Authentication for more information surrounding Windows (Integrated) authentication.

LDAP Authentication Setup

See Appendix E: LDAP Authentication for more Information surrounding LDAP authentication.


Database Connection

The location of the connection file for the TeamMate Global Database is set in the Settings.config file in the root of the TeamCentral directory. By default the connection file is located at \Program Files\TeamMate\Connect\dbconnect.tmc. If installing to a non-default location, this setting must be modified to point to the new tmc file location.

1. Open the Settings.config file with a text editor (Notepad)

2. Modify the following line to point to the connection file location

<add key="TmcPath" value="C:\Program Files\TeamMate\Connect\dbconnect.tmc" />

3. Save the file

4. IIS must be reset for the changes to take effect (Run IISRESET from the command line)

Internet Information Services (IIS)

By default the installation sets up the Applications (Virtual Directories in IIS 6) to use the Default Application Pool. It is recommended to isolate the TeamMate Software from other applications. The table below shows the recommended setup where Application Pool 1 and 2 represent separate application pools.

Recommended Setup for Application Pools

| Application | Recommended | Minimum | Not Recommended |
|---|---|---|---|
| TeamCentral | Application Pool 1 | Application Pool 1 | DefaultAppPool |
| TeamRisk | Application Pool 1 | Application Pool 1 | DefaultAppPool |
| TeamSchedule | Application Pool 1 | Application Pool 1 | DefaultAppPool |
| Tec | Application Pool 1 | Application Pool 1 | DefaultAppPool |
| TeamMateServices | Application Pool 2 | Application Pool 1 | DefaultAppPool |


IIS 6 and IIS 7 Differences

Microsoft made changes to the structure of IIS between versions 6 and 7. One notable change is how Virtual Directories and Applications are used. The screenshot below shows the differences in the directory structure. With IIS 7 a virtual directory is added below the Application. This is Microsoft’s recommended setup.


Application Configurations

As noted above all settings specific to the web applications are now located in the Settings.config configuration file located in the TeamCentral application directory (\wwwroot\TeamCentral\Settings.config).

TeamCentral

No customizable settings exist at this time.

TeamRisk

No customizable settings exist at this time.

TeamSchedule

No customizable settings exist at this time.

TEC

No customizable settings exist at this time.

Portal

The Portal contains a link to each application. These links (Icons) can be hidden from view by changing the value to “false” in the settings file for the desired application. Each application also has a link back to the portal homepage. This can be modified with the “ShowPortalLink” setting. The links to each of the main applications (TEC, TeamSchedule, and TeamRisk) can also be pointed to a different URL. These can reside on a different server.

Unattended Console

The settings for the unattended console are located in the TeamMate.UnattendedConsole.exe.config file. This file is installed to C:\Program Files\TeamMate\bin by default. See Appendix B – Using the Unattended Console for details.

TeamMate Services

See Services Configuration for setting up services.

Secure Socket Layer (SSL)

SSL or TLS can be used to secure message transmissions across the network with the TeamMate Web Applications. A certificate must be obtained from a certificate authority (CA), either an internal (self-signed) CA or a well-known external CA. This certificate must then be installed in IIS, a simple operation facilitated by the IIS console. The process varies somewhat by CA, and the CA will provide the necessary instructions for obtaining and installing your SSL or TLS web server certificate.


Multiple Virtual Directories

The TeamMate software can be configured to run multiple virtual directories. Multiple connection files can now be used with the websites.

Steps to create Multiple Virtual Directories

1. Copy the application's folder (example: \wwwroot\TeamCentral) to another directory (\wwwroot\TeamCentral2)

2. Set NTFS Permissions on the new directory

3. Open IIS Admin and create a Virtual Directory out of the newly copied folder

4. Set all Virtual Directory settings to match the original virtual directory. The only difference will be the Application Name.

5. Test the newly created virtual directory

6. Modify configuration as needed.

Services Configuration

Type of Services

EWP can be configured to use web services for Replication, Get and Send Functionality with TeamStore, and sending to TeamCentral. These services are offered in a web-based (IIS) configuration or as a Windows service.

IIS Configuration

When using the TeamMate Services with IIS the web.config file must be modified to point to the TMC location. This file is located in the directory root for TeamMateServices (\wwwroot\TeamMateServices\web.config). Once the configuration is complete, reset IIS to implement the changes. See the Service Configuration Options section for details and additional configuration options.

Windows Service Configuration

When using the TeamMate Services as a Windows Service the application configuration file (TeamMate.Services.Host.WindowsService.exe.config) must be modified to point to the TMC location. This file is located in the following directory: \Program Files\TeamMate\bin\. Once the configuration is complete, restart the service to implement the changes. See the Service Configuration Options section for details and additional configuration options.

Port

By default the service is set to listen on Port 6000. This can be modified but will need to be changed for all base addresses in the application configuration file. The example below shows the base address for the Integration Services.

<add baseAddress="http://localhost:6000/IntegrationService"/>

Once the configuration file is changed restart the service for the changes to take effect. Be sure to change the service.config file created to point to the new port number.


Startup Options

It is recommended that the windows services have the Start Up option set to Automatic.

Service Configuration Options

There are two main configurable settings for services: CacheInMemory (true (default)/false) and CachePath (uses the temp folder if not specified, i.e. C:\Documents and Settings\<username>\Local Settings\temp\). These settings need to be prefixed with either Service or Client as appropriate. By default the cache is stored in memory; this configuration requires no file permissions to be set. All other service configurations (excluding locations and paths) should not be modified unless directed by TeamMate Support.

For very large packages and/or large numbers of concurrent users, it is recommended that the service cache be on disk (to reduce memory consumption).

Configuring Service Cache Location

To change the transport service configuration to cache to disk the web.config file must be modified (ServiceCacheInMemory and ServiceCachePath settings). For a client app which supports in-process hosting (i.e. TeamMate.exe), you may specify both ClientCacheInMemory/ClientCachePath and ServiceCacheInMemory/ServiceCachePath settings (i.e. in TeamMate.exe.config).

The example below configures web.config (for IIS) to store the transport cache on disk:

<appSettings>
    <!-- TransportService -->
    <add key="ServiceCacheInMemory" value="false"/>
    <add key="ServiceCachePath" value="C:\Transport\ServiceCache"/>
</appSettings>

1. NTFS modify permissions must be set on the ServiceCachePath folder in the same manner as the other folders. For Windows 2003 this would be the ASP.NET, IUSR_<MachineName>, and IIS_WPG accounts. For Windows 2008 this will be the IIS_IUSRS account.

Load Balancing (Web Farm) with Services

If a web farm is used (more than one web server behind a load balancer), and sticky sessions are not used, then ServiceCacheInMemory must be false and the ServiceCachePath must be set to the same value on all web servers. The ServiceCachePath value must be either a UNC path or mapped drive path that all machines can access.
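The web farm rule above can be checked mechanically before a farm goes live. The following is an added example, not TeamMate code: it compares the appSettings of each node's web.config, treats a missing ServiceCacheInMemory key as the default (true) described earlier, and reports nodes that break the rule. The node names and both sample files are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample web.config contents for two farm nodes (not real files).
WEB1_CONFIG = r"""
<configuration><appSettings>
  <add key="ServiceCacheInMemory" value="false"/>
  <add key="ServiceCachePath" value="\\fileserver01\TeamMate\ServiceCache"/>
</appSettings></configuration>
"""
WEB2_CONFIG = r"""
<configuration><appSettings>
  <add key="ServiceCachePath" value="C:\Transport\ServiceCache"/>
</appSettings></configuration>
"""


def read_cache_settings(web_config_xml):
    """Return (in_memory, cache_path) from a web.config's <appSettings>."""
    root = ET.fromstring(web_config_xml.strip())
    settings = {}
    for section in root.iter("appSettings"):
        for add in section.findall("add"):
            if add.get("key"):
                settings[add.get("key")] = add.get("value", "").strip()
    # The guide gives true as the default, so only an explicit "false" counts.
    in_memory = settings.get("ServiceCacheInMemory", "true").lower() != "false"
    return in_memory, settings.get("ServiceCachePath", "")


def path_kind(path):
    """Classify a cache path as 'unc', 'drive', 'unset' or 'other'."""
    if re.match(r"^\\\\[^\\]+\\[^\\]+", path):
        return "unc"
    if re.match(r"^[A-Za-z]:\\", path):
        return "drive"
    return "unset" if not path else "other"


def check_farm(nodes):
    """nodes maps node name -> web.config text; returns (node, code, detail)."""
    problems = []
    nodes_by_path = {}
    for name, xml_text in sorted(nodes.items()):
        in_memory, path = read_cache_settings(xml_text)
        if in_memory:
            problems.append((name, "in-memory",
                             "ServiceCacheInMemory is true or missing"))
        kind = path_kind(path)
        if kind == "unset":
            problems.append((name, "path-unset",
                             "ServiceCachePath missing; the temp folder is used"))
        elif kind == "drive":
            problems.append((name, "drive-letter",
                             "confirm %s is a mapped drive to the shared "
                             "location on this node" % path[:2]))
        elif kind == "other":
            problems.append((name, "path-format",
                             "not a UNC or drive path: %s" % path))
        # Windows paths are case-insensitive; ignore a trailing backslash.
        nodes_by_path.setdefault(path.rstrip("\\").lower(), []).append(name)
    if len(nodes_by_path) > 1:
        detail = "; ".join("%s -> %s" % (", ".join(n), p or "(unset)")
                           for p, n in sorted(nodes_by_path.items()))
        problems.append(("farm", "path-mismatch", detail))
    return problems


if __name__ == "__main__":
    for node, code, detail in check_farm({"web1": WEB1_CONFIG,
                                          "web2": WEB2_CONFIG}):
        print("%-5s %-14s %s" % (node, code, detail))
```

A drive-letter path cannot be told apart from a local disk by reading the file alone, which is why it is reported for manual confirmation rather than accepted.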

Services with External Work Papers Storage

When using services and storing EWP work papers externally from the database (storing on a file share) then additional setup tasks are required. The user account that the TeamMate Services are running as must have permission to the file share or errors will occur. For IIS this is the account the application pool is running under. For the Windows Service option this will be the account the Windows Service is running under. It is recommended to use a domain account that can have privileges on the server and the file share. When using IIS the domain account must have the same privileges on the NTFS folder structure that the original account had. Normally this is the Network Services account. These permissions can be set at the root of the TeamMateServices directory and propagated down.

Services with Multiple Host Headers

When using TeamMate Services with a web site that has multiple host headers defined additional configuration is required.

1. Open the web.config file for TeamMate Services (wwwroot\TeamMateServices\web.config)

2. Add the following section of code to the <system.serviceModel> section replacing MYHOSTHEADER with the name of the first host header for the website.

<serviceHostingEnvironment>
    <baseAddressPrefixFilters>
        <add prefix="http://MYHOSTHEADER/TeamMateServices"/>
    </baseAddressPrefixFilters>
</serviceHostingEnvironment>

3. For each service node listed below make the following changes

Services

o TeamMate.Services.Utilities.UtilitiesService

o TeamMate.Services.Transport.TransportService

o TeamMate.Services.Replication.ReplicationService

o TeamMate.Services.Integration.IntegrationService

The example below demonstrates changing the Utilities service to support 2 host headers where teammate1 is the first header and teammate2 is an additional host header. For each header 2 additional endpoint nodes must be added.

Note: The address for the first node must be changed to a fully qualified name.

Before:

<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault">
    <host>
        <baseAddresses>
            <add baseAddress="Utilities.svc" />
        </baseAddresses>
    </host>
    <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
    <endpoint contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" />
</service>


After:

<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault">
    <host>
        <baseAddresses>
            <add baseAddress="Utilities.svc" />
        </baseAddresses>
    </host>
    <endpoint address="http://teammate1/TeamMateServices/Utilities.svc/mex" contract="IMetadataExchange" binding="mexHttpBinding" />
    <endpoint address="http://teammate2/TeamMateServices/Utilities.svc/mex" contract="IMetadataExchange" binding="mexHttpBinding" />
    <endpoint address="http://teammate1/TeamMateServices/Utilities.svc" contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" />
    <endpoint address="http://teammate2/TeamMateServices/Utilities.svc" contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" />
</service>
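Because the same edit has to be repeated for four services and every host header, it is easy to miss an endpoint by hand. The script below is an added example (not TeamMate tooling and not part of the original guide) that derives the "After" endpoints from a "Before" service node; it generalizes the two-header case to any number of headers. The function names and the host header validation rule are assumptions of this example.

```python
import copy
import re
import xml.etree.ElementTree as ET

# The "Before" node for the Utilities service, as shown in this guide.
BEFORE_SERVICE = """
<service name="TeamMate.Services.Utilities.UtilitiesService" behaviorConfiguration="behaviorDefault">
  <host><baseAddresses><add baseAddress="Utilities.svc" /></baseAddresses></host>
  <endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
  <endpoint contract="TeamMate.Services.Utilities.IUtilitiesService" binding="wsHttpBinding" bindingConfiguration="MtomSecurityNone" />
</service>
"""

# Host name with an optional port; anything else is rejected so that a typo
# or stray markup never ends up inside web.config.
HOST_HEADER_RE = re.compile(
    r"^[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?(?::\d{1,5})?$")


def expand_endpoints(service_xml, host_headers,
                     app_path="TeamMateServices", scheme="http"):
    """Return the <service> element with one endpoint per original
    endpoint and host header, each with a fully qualified address."""
    if not host_headers:
        raise ValueError("at least one host header is required")
    for header in host_headers:
        if not HOST_HEADER_RE.match(header):
            raise ValueError("not a valid host header: %r" % header)

    service = ET.fromstring(service_xml.strip())
    base = service.find("host/baseAddresses/add")
    if base is None or not base.get("baseAddress"):
        raise ValueError("service node has no baseAddress")

    originals = service.findall("endpoint")
    for endpoint in originals:
        if "://" in endpoint.get("address", ""):
            # Refuse to expand a node that was already converted.
            raise ValueError("endpoint address is already fully qualified")
        service.remove(endpoint)

    for endpoint in originals:
        relative = endpoint.get("address", "")
        for header in host_headers:
            url = "%s://%s/%s/%s" % (scheme, header, app_path,
                                     base.get("baseAddress"))
            if relative:
                url += "/" + relative
            clone = copy.deepcopy(endpoint)
            clone.set("address", url)
            service.append(clone)
    return service


def endpoint_addresses(service):
    """List the endpoint addresses of a <service> element in document order."""
    return [e.get("address") for e in service.findall("endpoint")]


if __name__ == "__main__":
    result = expand_endpoints(BEFORE_SERVICE, ["teammate1", "teammate2"])
    if hasattr(ET, "indent"):  # pretty-printing needs Python 3.9+
        ET.indent(result)
    print(ET.tostring(result, encoding="unicode"))
```

Apply it to each of the four service nodes listed in step 3, with the first host header being the one used in baseAddressPrefixFilters.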

Configuring Services with Service Configuration Tool

EWP uses the service configuration file (service.config) for Replication, Get and Send Functionality with TeamStore, and sending to TeamCentral. The service.config file is always placed in the following directory:

%User Profile%/My Documents/TeamMate/Connect

1. Open TMDBAdmin

2. Click on Create Service Configuration from the left navigation menu

3. Click New File to create a new file or Open File to open an existing file and click Next

4. Click Create a new service to create a new entry or Edit an existing service to edit an existing entry (select from list) and click Next

5. Service Entry Name – enter an identifier for this service (ex. US East). Note that any spaces will be replaced with an underscore (_) and the service name must be unique. Click Next

6. Choose the deployment Model and click Next

Service Options

• IIS – available with web server installation

• Windows service – available with tools installation

7. Enter the URL for the service location and click Next

URL for service

• IIS – http://ServerNameOrIPAddress//TeamMateServices

• Windows – http://ServerNameOrIPAddress:6000

8. Choose the desired Template and click Next

Template Options (WAN or LAN)

• WAN – used for Wide Area Networks (slower connections)

• LAN – used for Local Area Network (faster connections)

9. Click Test to confirm the configuration is working

10. Click Save to save the configuration to the file

11. Click Cancel to exit or Next to create another entry

Client Configuration

Database Connection

The client applications (TeamRisk, TeamSchedule, TeamAdmin, and TeamStore) connect directly to the centralized (global) database via a connection file (dbconnect.tmc). This file by default is stored in the user’s \Documents\TeamMate\connect folder. The file created during the database creation and setup (see Database Guide) should be copied to this directory. Note that in a distributed model a centralized (global) database is still required for the client applications if using TeamSchedule or TeamRisk with EWP.

EWP data access varies depending on the Model being used

Centralized Model

EWP connects to the centralized (global) database directly and EWP projects are stored inside the database. The connection is made via the connection file (dbconnect.tmc).

Distributed Model

EWP connects to local independent Access Databases that are stored on a file system (local hard drive or file share) for working with EWP Projects. To get and receive data from the other applications a get / send approach is used via services and/or a connection file which connects to a centralized database (see above).

Service Configuration

The service configuration should be set up using the instructions found in Services Configuration. Once the service.config file has been created, copy it to the user's \Documents\TeamMate\connect folder. To change the location of the service configuration, edit the registry: change the path for the following registry key and restart the application.

HKEY_LOCAL_MACHINE\SOFTWARE\CCH\TeamMate\ServiceConfigPath

If the key does not exist then create it.

1. Open Registry Editor

2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CCH\TeamMate

3. Right click and select New String Value

4. Enter the path to the Folder containing the service configuration file. Do not put the full path to the file. Example:

Once the service configuration file is in place then EWP needs to be configured for the connection to the database.

Connection to a Global (Centralized) Database

1. Launch EWP

2. In the TeamMate Explorer window right click on one of the existing tabs and select “Insert Location Tab”

3. Give the Tab a Location Name (ex My Database)

4. Under Database Location select Centralized (SQL or Oracle)

5. Browse for the connection file (dbconnect.tmc) created above

6. Choose the desired connection from the “Title” drop down list

7. Additional Filter Options – used to filter the list of projects to reduce the number of visible projects (this is optional)

8. Change the Service Location to the location from the service.config file. (Note: there can be multiple locations)

9. Click OK to save the new tab

10. When opening the tab in EWP a login prompt should appear

Connection to a local file share

1. Launch EWP

2. In the TeamMate Explorer window right click on one of the existing tabs and select “Insert Location Tab”

3. Give the Tab a Location Name (ex My Database)

4. Under Database Location select Distributed (File Share or Off-Line Replica)

5. Choose a folder location on the file system

6. Change the Service Location to the location from the service.config file. (Note: there can be multiple locations)

7. Click OK to save the new tab

8. When opening the tab in EWP a list of projects will appear. If the directory is empty then no projects will show in the list

Data Execution Prevention (DEP)

When using EWP and TMDBAdmin, Data Execution Prevention (DEP) may in some instances block access to the applications. In these instances the program being blocked must be allowed to execute. Use the following instructions to disable DEP for an individual application; DEP stays on for all other programs and services.

1. Open System Properties (Start > Control Panel > System)

2. Go to Advanced > Performance > Settings

3. Click on Data Execution Prevention

4. Click “Turn on DEP for all programs and services except those I select:”

5. Add the program to the list

6. Click OK to save

7. A reboot may be required

TeamMate Applications that may need this option set

• Teammate.exe

• ParadoxConversionConsole2.exe (used by TeamMate.exe and TMDBAdmin.exe)

Client applications on server operating systems

When installing EWP on a server operating system some additional settings may be required. When Internet Explorer Enhanced Security Configuration (ESC) is enabled, certain errors and warnings will occur throughout EWP. To resolve this, the following steps must be performed for each user affected.

1. Launch Internet Explorer and go to Internet Options

2. On the security tab highlight Trusted Sites and click “Sites”

3. Add the following to the Websites list

About:security_teammate.exe

4. Save and close Internet Explorer

Other Configuration

TeamMate Registration File (tmreg.ini)

The tmreg.ini file is used to set EWP preferences at the client level. For more information on using this see the following section.

Appendix F: EWP Registration File (tmreg.ini)

TeamMate Project Conversion File (conversion.tml)

The conversion.tml file is used to set EWP preferences at the project level. For more information on using this see the following section.

Appendix G: EWP Project Conversion File (conversion.tml)

Applications

Setup Administrative User

Once the client configuration has been completed then the process of using the software can begin. The initial login for a new database will be with the TMChampion account. This user can only access TeamAdmin. Use the following instructions to setup an additional administrative account to access other applications in the suite.

1. Launch TeamAdmin

2. In the Open Database Form select Manage

3. Browse for the connection file if not already populated (default location is \Documents\TeamMate\Connect\dbconnect.tmc)

4. Select the connection file and click OK

5. Choose a connection from the Open Database menu

6. Login with tmchampion as the username and champion as the password

7. Change the password when prompted

8. Under User Management select create new user

9. Create a new user following the prompts in the wizard

10. On the application roles screen give the user administrative access to all applications

11. Save the user

At this point the user should be able to login to any application.

Database Connections

The steps for opening a database are the same for all client applications (except EWP which was described previously).

After launching the application:

1. In the Open Database Form select Manage

2. Browse for the connection file if not already populated (default location is \Documents\TeamMate\Connect\dbconnect.tmc)

3. Select the connection file and click OK

4. Choose a connection from the Open Database menu

Using the TeamMate Software with a Terminal Server

The TeamMate software can be used in conjunction with a terminal server. The two supported options are Microsoft Terminal Server and Citrix Presentation Server. The installation of the software is the same as with a standard client installation. The configuration varies depending on preferences, environment, and solution.

The configuration options that change primarily surround the location of the configuration files. Many clients choose to place the configuration files in a centralized location so all users have the same setup / settings.

The following files are normally centralized when using terminal servers:

1. Database Connection File (dbconnect.tmc)

2. EWP Registration File (tmreg.ini) – see Appendix F: EWP Registration File (tmreg.ini)

3. EWP Conversion Template (conversion.tml) – see Appendix G: EWP Project Conversion File (conversion.tml)

Microsoft Terminal Server

Additional configuration for Microsoft Terminal Server is not required for a standard installation. Some items that can be modified to improve performance and usability include the screen resolution, bit depth, and compression.

Citrix Presentation Server

Once the applications are installed and configured then the applications should be published to the end user. The user will require permission to the program files and data directories on the server.

Considerations

• Temporary File Locations (Temp Files) – the temp files location should be set to a location on the Citrix server. Most often the C:\ drive in a Citrix session is pointing back to the client’s local machine. If the temporary files directory for EWP is pointing to this location then performance will be reduced significantly.

• Bit Depth – the bit depth can be reduced to assist in performance over slower connections. Note this does reduce the overall quality of the interface.

• Publish the individual applications in lieu of the launch pad. This will reduce memory usage across multiple users and help control application usage.

Resetting Profiles

When using terminal servers the option to reset user profiles is popular. While this locks down the environment and ensures that the user has the same settings each time they enter the application this can cause other issues. Some of the settings for the applications are profile based, which when reset at each logoff, force the user to make certain changes every time they log in. This can also reset any “fixes” that may be applied by the user. The recommendation here would be to have a default “base” profile and have users inherit from this profile every time they log in to the session. This would allow changes made to the base profile to be propagated to the users the next time they log in.

Security

Security for terminal servers lies with the end user. The connection between the client and the terminal server should be encrypted when it is used over a Wide Area Network (WAN).

Other Considerations

Windows Presentation Foundation (WPF) – any inconsistencies with EWP and the Risks and Controls viewer can be addressed by modifying the hardware acceleration settings for the session. This is a known limitation with WPF and terminal service sessions / virtualization.

Appendix A: Configuration Check List

Use this checklist to assist in configuring the TeamMate Suite. The first two steps must be complete prior to continuing. Once a configuration model has been chosen – then proceed to that model and complete all required steps. Only one of the models should be used.

1 Prerequisites Met

Client Software Installed

Server Software Installed (optional)

Tools Installed

Database(s) setup and configured (includes EWP Projects and Templates)

Local Administrative Access to Web Server and Client Machines

2 Determine Options (Critical)

WorkPaper Storage Location (Inside / Outside Database)

Determine Configuration Option

Centralized Configuration (EWP Projects in Global Database - Using all applications) - Recommended

Web Server

1 Setup Authentication

2 Set Database Connection(s) (connection file location)

3 Modify IIS Configuration (Application pools)

4 Configure Web Settings (Settings.config)

5 Configure TeamMateServices

Client

1 Set Database Connection(s) (connection file location)

2 Set Service Configuration (service configuration file)

3 Configure EWP \ Tabs

4 Setup Unattended Console SMTP Settings (TeamAdmin)

5 Set up Launch Pad links

Centralized Configuration (EWP Projects in Global Database - no web applications - Using Windows Services)

Services

1 Configure TeamMate Services as a Windows Service

Client

1 Set Database Connection(s) (connection file location)

2 Set Service Configuration (service configuration file)

3 Configure EWP \ Tabs

4 Setup Unattended Console SMTP Settings (TeamAdmin)

Decentralized Configuration (EWP Stand Alone Projects and Centralized Database for Other Applications - Including Web Applications)

Web Server

1 Setup Authentication

2 Set Database Connection(s) (connection file location)

3 Modify IIS Configuration (Application pools)

4 Configure Web Settings (Settings.config)

5 Configure TeamMateServices

Client

1 Set Database Connection(s) (connection file location)

2 Set Service Configuration (service configuration file)

3 Configure EWP \ Tabs (Tabs pointing to file share / local disk)

4 Setup Unattended Console SMTP Settings (TeamAdmin)

5 Set up Launch Pad links

Decentralized Configuration (EWP Stand Alone Projects and Centralized Database for Other Applications - Excluding Web Applications - Using Windows Services)

Services

1 Configure TeamMate Services as a Windows Service

Client

1 Set Database Connection(s) (connection file location)

2 Configure EWP \ Tabs (Tabs pointing to file share / local disk)

Decentralized Configuration (EWP Stand Alone Projects and Centralized Database for Other Applications - Excluding Web Applications - No Services)

Client

1 Set Database Connection(s) (connection file location)

2 Configure EWP \ Tabs (Tabs pointing to file share / local disk)

Decentralized Configuration (EWP Stand Alone Projects only - no centralized database or other applications used)

Client

1 Set Database Connection(s) (connection file location)

Note: A local database (Access) will be required for storing templates to create projects from

2 Configure EWP \ Tabs (Tabs pointing to file share / local disk)

Appendix B: Using the Unattended Console

The Unattended Console generates email automatically based on user settings. The setup involves 2 steps. The first step must be performed with TeamAdmin. In the second step the Unattended Console application is configured to run on the web server based on a user defined schedule.

The email configuration should only be done after the database connection has been setup to point to the new / converted database. Email notifications are database dependent and must be configured per database.

SMTP Server Configuration

Refer to the TeamAdmin help manual for information on setting up the SMTP Server in the database using Team Admin. Proceed to the next step only after the SMTP configuration is complete.

Unattended Console Configuration

The Unattended console (UAC) is an application that runs on the web server. The UAC is called via a scheduled task and queries the database for any emails waiting to be sent. The emails are then sent via SMTP to the end users. The following steps detail the configuration of the Unattended Console.

Modify the Application Configuration File

1. Open TeamMate.UnattendedConsole.exe.config with a text editor (Notepad). The installation location by default is

\Program Files\TeamMate\bin\

2. Verify the location of the database connection file (DBconnect.tmc).

a. Locate the appSettings section

b. The TmcPath must point to the correct location. If the server was installed to the default location this will not require modification.

c. Make any changes necessary and save the file.

<appSettings>

<add key="AppLogName" value="UnattendedConsole" />

<add key="TmcPath" value="C:\Program Files\TeamMate\Connect\DBConnect.tmc" />

<add key="ClientSettingsProvider.ServiceUri" value="" />

</appSettings>

Running the console for the first time

To run the application for the first time and load the plug-ins use the following instructions.

1. Open a command prompt (Start > Run > Type CMD and click OK)

2. Change directories to the directory that contains TeamMate.UnattendedConsole.exe (default is C:\Program Files\TeamMate\bin).

3. Enter the following command to load all plug-ins. To load a specific plug-in (Team Central for example) replace the 0 in the command below with the plug-in ID of the application to load. See the tables below for available plug-in ID’s.

TeamMate.UnattendedConsole.exe /p:0

4. Any error messages will appear in red. Error messages that refer to email templates not being setup correctly can be ignored for the purpose of installation. After the console is setup all templates that are going to be used should be configured prior to using the application. See the TeamAdmin help manual for details.

Setting up a scheduled Task

The UAC can run as often as desired. To run the UAC the preferred method is via scheduled tasks. One or more tasks can be created and configured separately. For example a user may want a task to run and send Team Central emails daily while Tec emails should only be sent weekly.

The scheduled task will require a user account to function. This account can be a local or domain account and must be a member of the Users group on the web server itself in order to function properly. No additional permissions are needed. This account should be set up and ready prior to proceeding.

Use the instructions below to setup a scheduled task.

1. Go to Start > Settings > Control Panel > Scheduled Tasks > Add a Scheduled task

2. Click next and then browse to the TeamMate.UnattendedConsole.exe file (default location is C:\Program Files\TeamMate\bin) and then click open

3. Choose the interval at which this task should run and click next

4. Choose the start time at which this task should run and click next

5. Enter the User Account credentials to be used for this scheduled task and click next

6. Check the box to open advanced properties and click finish

7. Here one can modify the schedule and configuration options for the task.

For a list of all configuration options available see the following sections.

Configuration Options

The following tables provide information for configuring the scheduled tasks to be used with the UAC.

The following command line switches are used in conjunction with the scheduled task.

Command Line Switch         Short form              Description
/TemplateID:<int>           /t:<Template ID>        Email Template Identifier, this parameter supports multiple values.
/ExecuteAll[+|-]            /all                    Execute All Plugins. Default value: -
/TmcPath:<string>           /tmc:<TMC file path>    File path for Tmc config file. Default value: 'C:\Program Files\TeamMate\Connect\dbconnect.tmc..'
/PluginID:<int>             /p:<Plugin ID>          Plugin Identifier. Default value: 0
/ConnectionTitle:<string>   /c:<Connection Title>   Tmc Connection Title. Default value: 'teammate'.
/?                                                  Help

The following table lists the available email plug-ins (PluginID) and associated plug-in ID’s.

Plugin ID   Description (Type of plugin)   Command Line Example
0           Run all plugins                TeamMate.UnattendedConsole.exe /p:0
1           Email Queue Resender           TeamMate.UnattendedConsole.exe /p:1
4           TeamRisk                       TeamMate.UnattendedConsole.exe /p:4
10          TeamMate Tec                   TeamMate.UnattendedConsole.exe /p:10
11          TeamCentral                    TeamMate.UnattendedConsole.exe /p:11
12          TeamSchedule                   TeamMate.UnattendedConsole.exe /p:12

The following table lists the available email templates (Template ID’s) and the associated application.

Template ID   Description                                         Application
3             Timesheet Overdue                                   TeamMate Tec
4             Risk Assessment Invitation                          Team Risk
5             Risk Assessment Submission                          Team Risk
6             Risk Assessment Completion                          Team Risk
7             Time sheet Rejected                                 TeamMate Tec
8             Expense Sheet Rejected                              TeamMate Tec
9             Status Update Reminder                              TeamCentral
10            Status Update Submission                            TeamCentral
11            Implementation Reminder                             TeamCentral
12            Implementation Action Submission                    TeamCentral
13            New User Account Created (Team Central)             TeamCentral
14            Password Reset Notification                         TeamCentral
15            Comment Notification                                TeamCentral
17            Recommendation Implementation Ready for Approval    TeamCentral
18            Recommendation Implementation Rejected              TeamCentral
19            Recommendation Reopened                             TeamCentral
20            Status Update Overdue                               TeamCentral
21            Recommendation Implementation Overdue               TeamCentral
23            Status Update submission with a date revision       TeamCentral
24            Assignments Changed                                 TeamSchedule

An example of Command Line Statement placed in the Run Section of the Scheduled Task is below. This line runs all plugins (/p:0) and uses the connection title “sql1” from the tmc file.

"C:\Program Files\TeamMate\bin\TeamMate.UnattendedConsole.exe" /p:0 /c:sql1

If the connection title has a space in the name then place the title in quotes as shown below.

"C:\Program Files\TeamMate\bin\TeamMate.UnattendedConsole.exe" /p:0 /c:"my sql1"

Appendix C: Load Balancing

The TeamMate Server applications are supported for load balanced environments also known as a web farm. The configuration needed will be based on the type of load balancing that is being setup and how the session state is configured.

Persistent

If a persistence based load balancing system is used the session state will be stored locally to each server as the user is directed back to the same server for the life of the session. In this scenario the application will need to be installed to each of the servers in the farm. All servers should be set up identically to avoid confusion to the users and ensure the applications function as expected. This includes the database (DBconnect.tmc) and application (web.config) configuration files.

Non-Persistent

If a non-persistent load balancing system is used then the session state must be stored on a state server. A state server can be another physical server or a SQL Database. This setup requires configuration beyond that of a persistent setup. The settings for the session state are located in the web.config file for each application.

Open the web.config file and find the following section. Note there will be more lines in this section than are shown here.

Default Configuration

<system.web>
  <sessionState mode="InProc" cookieless="false" timeout="30"/>
</system.web>

State Server Configuration

An example of a state server configuration is shown below:

<system.web>
  <sessionState mode="StateServer"
      stateConnectionString="tcpip=dataserver:42424"
      cookieless="false" timeout="30"/>
</system.web>

SQL Server Configuration

An example of a SQL Server configuration is shown below:

<system.web>
  <sessionState mode="SQLServer"
      sqlConnectionString="data source=127.0.0.1;user id=<username>;password=<password>"
      cookieless="false" timeout="30"/>
</system.web>
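An added example (not from the TeamMate guide) that reads a web.config and reports what a reviewer would check on each farm member: which session-state mode is active, whether the SQL connection string carries a clear-text password, and whether the state server sits on another host. The function names and the sample file are constructed, and the credential values in the sample are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the SQL Server listing above;
# the user id and password are placeholders, not real credentials.
SAMPLE_WEB_CONFIG = """
<configuration>
  <system.web>
    <sessionState mode="SQLServer"
        sqlConnectionString="data source=127.0.0.1;user id=EXAMPLE_USER;password=EXAMPLE_PASSWORD"
        cookieless="false" timeout="30"/>
  </system.web>
</configuration>
"""

LOCAL_HOSTS = ("127.0.0.1", "localhost", "loopback")


def parse_connection_string(value):
    """Split 'key=value;key=value' into a dict with lower-cased keys."""
    pairs = {}
    for part in value.split(";"):
        if "=" in part:
            key, _, val = part.partition("=")
            pairs[key.strip().lower()] = val.strip()
    return pairs


def audit_session_state(web_config_xml):
    """Return (mode, findings) for the sessionState element of a web.config."""
    root = ET.fromstring(web_config_xml)
    # Accept either a full file or a bare <system.web> fragment.
    section = root if root.tag == "system.web" else root.find("system.web")
    node = section.find("sessionState") if section is not None else None
    if node is None:
        return ("InProc", ["no sessionState element: the ASP.NET default (InProc) applies"])

    mode = node.get("mode", "InProc")
    findings = []
    if mode.lower() == "inproc":
        findings.append("InProc: session is local to each server and needs a persistent load balancer")
    elif mode.lower() == "stateserver":
        conn = parse_connection_string(node.get("stateConnectionString", ""))
        host = conn.get("tcpip", "").rsplit(":", 1)[0]
        if host and host.lower() not in LOCAL_HOSTS:
            findings.append(f"StateServer on remote host {host!r}: session data crosses "
                            "the network; restrict the port to farm members")
    elif mode.lower() == "sqlserver":
        conn = parse_connection_string(node.get("sqlConnectionString", ""))
        if "password" in conn or "pwd" in conn:
            findings.append("sqlConnectionString contains a clear-text password")
        integrated = conn.get("integrated security", conn.get("trusted_connection", ""))
        if integrated.lower() in ("sspi", "true", "yes"):
            findings.append("SQL connection uses Windows integrated security")

    if node.get("cookieless", "false").lower() in ("true", "useuri"):
        findings.append("cookieless sessions put the session ID in the URL")
    return (mode, findings)


if __name__ == "__main__":
    mode, findings = audit_session_state(SAMPLE_WEB_CONFIG)
    print(mode)
    for finding in findings:
        print(" -", finding)
```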

Appendix D: Windows Authentication

Integrated Authentication (windows authentication) allows users to enter the application (web or client) directly without logging in. Use the following instructions to configure windows authentication for the client and server.

Key Points

The client and server can be configured separately where one uses Windows authentication and the other uses another form of authentication

Windows requires the DOMAIN\username syntax for the TeamMate loginname when using windows authentication.

Client

To setup windows authentication for the client applications refer to the TeamAdmin user manual. Once the policy is set to use Windows Authentication all of the client applications will utilize this setting.

Web Server

Use the instructions found in How to change authentication to switch to windows authentication. Once this is done an additional step must be taken to improve performance of the application.

1. Open IIS Manager

2. Go to each of the applications (TeamCentral, TeamRisk, TeamSchedule, TEC, and TeamMateServices) and select properties

3. Turn off anonymous access to the application and subdirectories

4. Setup NTFS permissions for the user on the folders

a. Refer to the Installation Guide for NTFS permission requirements

b. Create or use an existing Security Group (domain or local)

c. Add the group to each of the NTFS folders and set the required permissions

d. Add any users who will be accessing the websites

5. Reset IIS

Appendix E: LDAP Authentication

This section describes how to configure the applications for use with LDAP.

• LDAP can only be used with the Web Applications

LDAP authentication can be performed in one of two ways with each being highly configurable in order to adapt to the demands of LDAP environments. To configure the applications for LDAP the Settings.config file must be modified.

(Note: The location for the settings file is \wwwroot\TeamCentral\Settings.config)

The first method is termed the known user or three step approach, while the second is termed the direct approach. The known user approach is essentially a three (3) step approach that is a best practice and applicable for environments that require a greater measure of security. The direct approach is relatively less secure, but also easier to implement and less network intensive.

NOTE: All configuration settings are optional beyond the LDAP path (server configuration setting) described in the following section. Additional configuration settings are provided to adapt to the various LDAP environments in which the applications may be deployed and to provide the highest degree of flexibility. Finally, some optimal configuration settings may be dependent on the usage of another setting; however, these dependencies are documented in the sample LDAP configuration file deployed with the applications and the following section.

Known User Approach

The known user approach requires working with the LDAP administrator(s) to establish a known user that the applications will use for its initial connection to the LDAP repository. This account will be placed in the Settings.config file. An authentication session will consist of the application connecting to the LDAP store as this known user, retrieving the distinguished name of the user being authenticated based on their simple account name entered at the login screen and then attempting to bind with the LDAP retrieved fully distinguished name of the user and the associated password, also entered by the user at the login screen. This approach will only allow the session to occur with the known user which is beneficial for security and tracing of LDAP activity to the applications.

The "known user approach" consists of three steps and the following transactional details and configuration options.

Step 1 Binding to the LDAP server as a pre-configured known application user

The purpose of this step is to only allow known users to initially access the system as well as to allow tracing of TeamCentral activity.

Note: The key parameters for this bind are the LDAP_PATH, which specifies the target LDAP server, and the optional BASE_DN, which is appended to the LDAP_PATH to specify a specific object in the LDAP hierarchy on which to perform the bind. In addition, the APPLICATION_USERNAME and APPLICATION_PASSWORD are the known user credentials used for this bind and are used to identify this application. These known user credentials are supplied by the LDAP administrators. The presence of the application username and password is the determining factor for whether the known user approach is used. Lastly, the final parameter key that may be used for this portion of the approach's transaction is the type of authentication mode used for the bind, key of AUTHENTICATIONTYPE. Typically this is either SECURE (a value of 1) for Microsoft AD environments or NONE (a value of 0) for all others. There are exceptions for these authentication mode values and these are addressed below.

Note that if the active directory is targeted, the APPLICATION_USERNAME must be preceded by the associated domain name (domain\username).

Member Name (Value): Description

Anonymous (16): No authentication is performed. The providers may attempt to bind a client as an anonymous user to the targeted object. The WinNT provider does not support this flag. Active Directory establishes a connection between the client and the targeted object, but does not perform any authentication. Setting this flag amounts to requesting an unsecured binding, which means "Everyone" as the security context.

Delegation (256): Enables Active Directory Services Interface (ADSI) to delegate the user's security context, which is necessary for moving objects across domains.

Encryption (2): Forces ADSI to use encryption for data that is being exchanged over the network.

FastBind (32): ADSI does not attempt to query the Active Directory objectClass property and thus only exposes the base interfaces supported by all ADSI objects instead of the full object support. A user can use this option to boost the performance in a series of object manipulations that involve only methods of the base interfaces. However, ADSI does not verify if any of the request objects actually exist on the server. For more information, see "Fast Binding Options for Batch Write/Modify Operations" in the Active Directory Programmer's Guide.

None (0): Equates to a null reference (Nothing in Visual Basic).

ReadonlyServer (4): For a WinNT provider, ADSI tries to connect to a primary domain controller (PDC) or a backup domain controller (BDC). For Active Directory, this flag indicates that a writable server is not required for a serverless binding.

Sealing (128): Encrypts data using Kerberos. The Secure flag must also be set to use sealing.

Secure (1): Requests secure authentication. When this flag is set, the WinNT provider uses NTLM to authenticate the client. Active Directory uses Kerberos, and possibly NTLM, to authenticate the client. When the user name and password are a null reference (Nothing in Visual Basic), ADSI binds to the object using the security context of the calling thread, which is either the security context of the user account under which the application is running or of the client user

SecureSocketsLayer (2): Attaches a cryptographic signature to the message that both identifies the sender and ensures that the message has not been modified in transit. Active Directory requires the Certificate Server be installed to support Secure Sockets Layer (SSL) encryption.

ServerBind (512): If the ADsPath includes a server name, specify this flag when using the LDAP provider. Do not use this flag for paths that include a domain name or for serverless paths. Specifying a server name without also specifying this flag results in unnecessary network traffic.

Signing (64): Verifies data integrity to ensure that the data received is the same as the data sent. The Secure flag must also be set to use signing.

Step 2

Performing a filter search using the username the user supplied at the login page and a configurable attribute name to retrieve the user's distinguished name. The purpose of this step is to allow a user to enter a simple account name and have the system retrieve the associated fully distinguished name for the actual user authentication. This frees the user from the burden of remembering and keying in the complex and lengthy distinguished name. As an option, the configuration allows a domain to be supplied for all users (domain@useraccount); in the absence of this domain name, users supply their own domain name, for cases where the users span multiple domains, which is typical for larger corporate environments. If the domain is specified, it will be added to the user-supplied username (domain@username).

Note: The key parameters applicable to this step are FILTER_ATTRIBUTE (e.g. uid) and DN_ATTRIBUTE (e.g. dn). As an example, a filter using the above parameters would perform a filter search of uid=<username_supplied_by_user> and return an attribute by the name of dn, which holds the distinguished name value.

Optionally, SEARCH_SCOPE and REFERRAL_CHASING are available to provide greater flexibility and are described in detail below.

Search scope options are:

• Base - Limits the search to the base object. The result contains at most one object (value="0").

• OneLevel - Searches one level of the immediate children, excluding the base object (value="1").

• Subtree - Searches the whole subtree, including all children and the base object itself. This is the default (value="2").

Referral chasing options are:

• All - Chase referrals of either the subordinate or external type (value="0").

• External - Chase external referrals. This is the default (value="1").

• None - Never chase the referred-to server. Setting this option prevents a client from contacting other servers in a referral process (value="2").

• Subordinate - Chase only subordinate referrals which are a subordinate naming context in a directory tree. The ADSI LDAP provider always turns off this flag for paged searches (value="3").

Step 3

Binding to the LDAP store using the user's distinguished name and supplied password. This is the actual authentication of the user, performed with the distinguished name retrieved from the LDAP system and the password supplied by the user at the login page.

Note: Once the distinguished name is gathered, it and the corresponding password supplied by the user are used to bind to the LDAP store to perform the actual authentication test. The object bound to in LDAP is either the LDAP_PATH, or the LDAP_PATH with the BASE_DN appended. The bound object is determined by configurable key parameters: setting USE_BASEDN_FOR_AUTHENTICATION_BIND appends the BASE_DN value to the LDAP_PATH; if both USE_BASEDN_FOR_AUTHENTICATION_BIND and USE_DN_FOR_AUTHENTICATION_BIND are 0 or omitted, the LDAP_PATH value is used. USE_BASEDN_FOR_AUTHENTICATION_BIND takes precedence over USE_DN_FOR_AUTHENTICATION_BIND if both are set to 1 (enabled). USE_DN_FOR_AUTHENTICATION_BIND is only applicable to the "direct approach" as documented below. The same authentication type used for the application user bind is in effect for this bind. If the bind is successful, then the user is authenticated.
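
The checks a client should make around steps 2 and 3, as an added example that is not TeamCentral's own code: the login-form username is escaped per RFC 4515 before it goes into the filter, the search must return exactly one entry, and an empty password is refused before the bind. The function names and the list-of-dicts search result are assumptions made for illustration.

```python
import re

# RFC 4515 section 3: inside a filter assertion value these characters are
# written as a backslash followed by their two-digit hex code.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# An attribute name is a letter followed by letters, digits or hyphens (RFC 4512).
_ATTRIBUTE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def escape_filter_value(value):
    """Escape a string so it can only ever be a literal value in a filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(filter_attribute, username, domain=None):
    """Step 2: build (FILTER_ATTRIBUTE=<username>) from login-form input."""
    if not _ATTRIBUTE_NAME.fullmatch(filter_attribute):
        raise ValueError("FILTER_ATTRIBUTE is not a valid attribute name")
    account = username.strip()
    if not account:
        raise ValueError("empty username")
    if domain:
        # The guide states the domain is added in the form domain@username.
        account = f"{domain}@{account}"
    return f"({filter_attribute}={escape_filter_value(account)})"


def select_user_dn(entries, dn_attribute="dn"):
    """Step 2 result handling: exactly one entry must match.

    `entries` is a hypothetical list of dicts standing in for search results.
    """
    if len(entries) != 1:
        raise LookupError(f"expected exactly one directory entry, got {len(entries)}")
    dn = entries[0].get(dn_attribute)
    if not dn:
        raise LookupError(f"entry has no {dn_attribute} attribute")
    return dn


def check_bind_password(password):
    """Step 3 pre-check: refuse an empty password before attempting the bind.

    RFC 4513 section 5.1.2: a simple bind with a DN and a zero-length password
    is an unauthenticated bind, which a server may accept without verifying
    anything, so the client must not treat it as proof of identity.
    """
    if not password:
        raise PermissionError("empty password rejected before bind")
    return password


# Constructed sample input, not taken from a real directory.
SAMPLE_ENTRIES = [{"uid": "jsmith", "dn": "uid=jsmith,ou=people,dc=example,dc=test"}]

if __name__ == "__main__":
    print(build_user_filter("uid", "jsmith"))
    print(build_user_filter("uid", "j*(smith)"))
    print(select_user_dn(SAMPLE_ENTRIES))
```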

Direct Approach

This authentication approach is provided for backward compatibility with previous versions of TeamCentral and for cases where such an approach is more suitable. Essentially, it consists of step 3 of the "known user approach" described above, with the exception that the username and password values the user supplies on the login form are used for the bind to the LDAP repository.

Note: If LDAP_DOMAIN is specified, this domain is appended to the username for the authentication bind (domain@username). This would prevent users that all exist in the same AD domain from having to specify the domain in addition to their username at login. Domain names are only applicable for Microsoft AD environments.

General

Consult the LDAP configuration sample provided with the TeamCentral installation in the ConfigurationFiles directory for a sample configuration and corresponding annotations of the various configuration settings applicable to the LDAP authentication.

All configuration settings are placed in the Settings.config file. See the Settings.config file options sections for specifics regarding this file and its file system location(s).

In the event that more than one LDAP system is to be used for TeamCentral LDAP authentication, this scenario is supported by supplying up to 10 different systems and associated configuration settings in the Settings.config file.

<add key="LDAP_PATH_1" value="LDAP://server:port/base_dn" />

<add key="LDAP_DOMAIN_1" value="domainname" />

<add key="LDAP_PATH_2" value="LDAP://server:port/base_dn" />

<add key="LDAP_DOMAIN_2" value="domainname" />

... etc., up to 10 sets of LDAP system settings. The same principle holds for all the LDAP configurations (e.g. BASE_DN_1) to allow complete flexibility across a collection of LDAP repositories.

Note: The settings (e.g. LDAP_PATH_x) must be in sequence 1 through 10. If there are any gaps in the numbers, TeamCentral will stop checking at the gap. For instance, if there is an LDAP_PATH_1, LDAP_PATH_2, and LDAP_PATH_5, TeamCentral will stop checking after LDAP_PATH_2.
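
A check for the numbering rule above and for the AUTHENTICATIONTYPE flag table, as an added example that is not part of the TeamMate product: it reports numbered LDAP systems that will never be consulted because of a gap, and flag combinations the table itself rules out. The per-system key name AUTHENTICATIONTYPE_n is an assumption based on the statement that the numbering principle holds for all LDAP settings; the host names and the appSettings wrapper are constructed.

```python
import xml.etree.ElementTree as ET

# Flag values as listed in the AUTHENTICATIONTYPE table of this guide.
AUTH_FLAGS = {
    1: "Secure",
    2: "Encryption/SecureSocketsLayer",
    4: "ReadonlyServer",
    16: "Anonymous",
    32: "FastBind",
    64: "Signing",
    128: "Sealing",
    256: "Delegation",
    512: "ServerBind",
}
SECURE, SSL, ANONYMOUS, SIGNING, SEALING = 1, 2, 16, 64, 128
MAX_LDAP_SYSTEMS = 10

# Constructed sample settings; AUTHENTICATIONTYPE_n is an assumed key name.
SAMPLE_SETTINGS = """<appSettings>
  <add key="LDAP_PATH_1" value="LDAP://dc1.example.test:389/DC=example,DC=test" />
  <add key="AUTHENTICATIONTYPE_1" value="1" />
  <add key="LDAP_PATH_2" value="LDAP://ldap2.example.test:389/DC=example,DC=test" />
  <add key="AUTHENTICATIONTYPE_2" value="64" />
  <add key="LDAP_PATH_5" value="LDAP://ldap5.example.test:389/DC=example,DC=test" />
  <add key="AUTHENTICATIONTYPE_5" value="0" />
</appSettings>"""


def load_settings(xml_text):
    """Collect every <add key="..." value="..."/> element into a dict."""
    root = ET.fromstring(xml_text)
    return {e.get("key"): e.get("value", "") for e in root.iter("add") if e.get("key")}


def split_ldap_systems(settings):
    """Return (active, ignored) system numbers; checking stops at the first gap."""
    present = [n for n in range(1, MAX_LDAP_SYSTEMS + 1) if f"LDAP_PATH_{n}" in settings]
    active = []
    for n in range(1, MAX_LDAP_SYSTEMS + 1):
        if n not in present:
            break
        active.append(n)
    return active, [n for n in present if n not in active]


def decode_auth_type(value):
    """Translate an AUTHENTICATIONTYPE number into the flag names it combines."""
    names = [name for bit, name in sorted(AUTH_FLAGS.items()) if value & bit]
    return names or ["None"]


def audit_ldap_settings(settings):
    """List configuration problems for the numbered LDAP systems."""
    findings = []
    active, ignored = split_ldap_systems(settings)
    for n in ignored:
        findings.append(f"LDAP_PATH_{n} is never checked: numbering has a gap before it")
    for n in active:
        key = f"AUTHENTICATIONTYPE_{n}"
        raw = settings.get(key)
        if raw is None:
            continue
        raw = raw.strip()
        if not (raw.isascii() and raw.isdigit()):
            findings.append(f"{key} is not a number: {raw!r}")
            continue
        value = int(raw)
        if value & ANONYMOUS:
            findings.append(f"{key} includes Anonymous (16): no authentication is performed")
        if value & (SIGNING | SEALING) and not value & SECURE:
            findings.append(f"{key} sets Signing/Sealing without Secure (1), which they require")
        if not value & (SECURE | SSL):
            findings.append(f"{key} sets neither Secure (1) nor SecureSocketsLayer (2)")
    return findings


if __name__ == "__main__":
    for line in audit_ldap_settings(load_settings(SAMPLE_SETTINGS)):
        print(line)
```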

Post LDAP authentication

Important: Once successful authentication is performed on the LDAP store, a second level of authentication is performed on the configured TeamMate database, for either the direct or known user approach. If an AD environment is in use and users enter their domain and username on the login form, this value must exist in the TeamMate database in this form (domain/username) to pass the TeamMate database authentication test. If the account is inactive in the database, or the system policy is to disallow client access and the database lists the authenticated user as a client (a.k.a. contact), then an appropriate message will be displayed on the login page informing the user of this situation and subsequently disallowing entry into the application.

Appendix F: TeamMate Registration File (tmreg.ini)

TmReg.exe is a registration utility that will configure the current user’s registry settings for TeamMate.exe (EWP). When executed, it will read the contents of a custom configuration file (tmreg.ini) and register the contents in the registry. TmReg.exe is located in the bin directory of the client installation.

TmReg.ini is primarily used to customize the HKCU registry for file default locations (paths) and TeamMate Explorer path settings. The TmReg.ini must be in the \Bin directory with the TmReg.exe program. TmReg.ini can also be used to customize other registry string entries that are stored in HKCU.

Recommended Process (steps detailed in following sections)

1. Set up one PC's TeamMate Preferences and TeamMate Explorer Tabs

2. Run tmreg.exe and create configuration file

3. Edit the tmreg.ini file with a text editor

4. Distribute the tmreg.ini file to your users.

5. Apply the configuration file

Creating the configuration file

There are two options for creating the configuration file.

Create Manually

1. Create a new text file

2. Rename the file to tmreg.ini

3. Add desired settings

4. Save the file

5. Copy the file to the Program Files\TeamMate\bin folder

Create from Existing Settings

1. Set up an existing installation with desired settings (tabs, locations, etc.)

2. Launch TmReg.exe from the Program Files\TeamMate\bin folder

3. Go to File > Save Custom Registry

4. Choose the Program Files\TeamMate\bin folder

Note: With Windows Vista, TmReg.exe must be launched as an administrator.

5. Save

6. Open the file and modify settings as needed (policy version, etc.)

Specifying Numeric Values

For registry values whose data type is REG_DWORD, place the tag <numeric> immediately before the value to be set, and ensure that no spaces are used. For example, to set the auto save setting to 10 minutes the following will work:

[Preferences]

AutoSaveMinutes=<numeric>10

Specifying Special Folders

In many cases, however, the administrator wants to set the preference to a special folder that depends on the user's login. The most common and natural ones are My Documents and Program Files. Two additional tags, <My Documents> and <Programs>, are now supported. Make sure no spaces are used after these tags; sub-directories can be added, with an opening \ required. For example, the following would be very common:

[Paths]

BasePath=<Programs>\TeamMate

BinPath=<Programs>\TeamMate\bin

LibPath=<Programs>\TeamMate\lib

TemplatePath=<Programs>\TeamMate\Templates

CustomTemplatePath=<Programs>\TeamMate\Templates\custom

ReportPath=<Programs>\TeamMate\reports

StorePath=<Programs>\TeamMate\stores

RepositoryPath=<Programs>\TeamMate\Repositories

TransferPath=<My Documents>\TeamMate\transport

MasterPath=<My Documents>\TeamMate\data

ReplicaPath=<My Documents>\TeamMate\repl

BackupPath=<My Documents>\TeamMate\backup

ImportPath=<My Documents>\TeamMate\Import

In this example, it is likely that the paths would be set in the registry as:

BasePath=C:\Program Files\TeamMate

MasterPath=C:\Documents and Settings\username\My Documents\TeamMate\data

If the re-register flag is set or the user manually calls Load Configuration from tmreg.exe, the process occurs regardless of the version. This is the same as before.

Example tmreg.ini file

;HEADER: EWP Registration Tool (vR7.1) - Tue Jul 07 08:56:55 2009

;HEADER: Created by TmReg.exe

[CONTROL]

VERSION=2

RESETEXPLORER=1

[AutoText]

1=<Initials>, <ShortDate>

2=<Initials>, <LongDate>

3=<FullName>, <ShortDate>

4=<FullName>, <LongDate>

5=<Time>

[DATABASE]

NoUnc=<numeric>1

[Explorer Tabs]

Master=C:\Documents and Settings\Teammate\My Documents\TeamMate\data|0|||||

MSSQLServerDatabase=|1|C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect\dbconnect.tmc|Latest_Sample_SqlServer||TS|0;0;0;~;0;

OracleDatabase=|1|C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect\dbconnect.tmc|Latest_Sample_Oracle||TS|0;0;0;~;0;

Local=C:\Documents and Settings\Teammate\My Documents\TeamMate\repl|0|||||

[Help]

HelpPath=c:\Program Files\TeamMate\help

[HTML]

AutoFormatHTML=<numeric>1

DefaultPaste=<numeric>1

[MRU]

RepositoryHTTPConnectionTitle=Latest_Blank_SqlServer

CentralSendOption=<numeric>0

MaximizedMode=<numeric>1

[Paths]

ConnectPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect

BasePath=c:\Program Files\TeamMate

BinPath=c:\Program Files\TeamMate\bin

LibPath=c:\Program Files\TeamMate\lib

TemplatePath=c:\Program Files\TeamMate\Templates

CustomTemplatePath=c:\Program Files\TeamMate\Templates\custom

ReportPath=c:\Program Files\TeamMate\reports

TransferPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\transport

MasterPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\data

ReplicaPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\repl

BackupPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\backup

ImportPath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Import

StorePath=C:\Documents and Settings\Teammate\My Documents\TeamMate\Connect

HTTP_TEAMCENTRAL=http:\\MyWebSever\TeamCentral

HTTP_TEAMSCHEDULE=http:\\MyWebSever\TeamSchedule

HTTP_TEC=http:\\MyWebSever\Tec

HTTP_TEAMRISK=http:\\MyWebSever\TeamRisk

[Preferences]

LockTimeOut=<numeric>200000

AutoSaveMinutes=<numeric>5

StatusBar=<numeric>0

[Fonts]

TextField=-13,0,0,0,400,0,0,0,0,3,2,1,34,Arial

Configuration File Sections

[CONTROL]

VERSION=1

RESETEXPLORER=1

Version specifies the version of the registry for comparison. If the number of the version in the .ini file is greater than the version in the registry, then the settings in this .ini file will be applied to the registry by TeamMate (EWP) when TeamMate is run. If the version in the file is less than or equal to the registry value then no changes are made.

Reset Explorer specifies if the current Explorer tabs are replaced or added to. If ResetExplorer = 1 then the tabs are replaced. If ResetExplorer = 0 then the tabs specified in the configuration file are added to the tabs in EWP.

The version setting is stored in the following registry key:

HKEY_CURRENT_USER\Software\CCH\EWP\TeamMate\RegVersion

[Help]

GuidanceFile=H:\TeamMate\Help\xxx TeamMate Protocol.doc

This sets the Local Guidance Location.

[Fonts]

TextField=-13,0,0,0,400,0,0,0,0,3,2,1,34,Arial

This sets the default font in user populated windows.

[AutoText]

1=Effective.

2=Adequate - Effectiveness Tests Performed.

3=Ineffective - No Substantive Tests Performed.

4=Ineffective - Substantive Tests Performed.

5=Inadequate - Substantive Tests Performed.

6=Adequate - No Effectiveness Tests Performed.

7=Inadequate - No Effectiveness Tests Performed.

8=<Initials>, <ShortDate>

9=<Initials>, <LongDate>

10=<FullName>, <ShortDate>

11=<FullName>, <LongDate>

12=<Time>

This sets the auto text that can be used in TeamMate fields.

[MRU]

RepositoryHTTPConnectionTitle=Latest_Blank_SqlServer

This sets the default connection title to use when sending to TeamCentral. This has the effect of pre-populating this field in the send Wizard in the TeamMate Project File.

Note this option is only used in a distributed model.

Note: The file above had additional fields added to it. When creating a file from the existing registry values the following sections are exported.

• Paths

• Explorer Tabs

• Preferences

• AutoText

• Colors

• Fonts

• Grouping

• Help

Manually Applying the configuration file

1. Ensure EWP is closed

2. Open TmReg.ini from Program Files\TeamMate\bin

3. Select File > Load Custom Registry

4. Browse for the updated INI file

5. Click Open to apply the settings

6. Launch EWP – the new settings should be visible

Automatically apply the configuration file

When TeamMate.exe is launched the Program Files\TeamMate\bin folder is scanned for the tmreg.ini file. If found, TeamMate checks for the [CONTROL] section and if found begins the version comparison process. Once this process is complete, TeamMate.exe loads with the most current registry settings.

See Configuration File Sections for more information surrounding the versioning process.
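
To preview what a tmreg.ini would change before it is distributed, the following added example (not part of TmReg.exe or TeamMate) parses the file, applies the <numeric>, <Programs> and <My Documents> tag rules and the [CONTROL] version comparison described in this appendix, and returns the values that would be written. The guide does not give the registry subkey for each section, so the result is reported as (section, name, type, data); the folder locations are passed in by the caller, and the sample file is constructed.

```python
import configparser

# Constructed sample in the format of the guide's example tmreg.ini.
SAMPLE_INI = r"""
;HEADER: Created by TmReg.exe
[CONTROL]
VERSION=2
RESETEXPLORER=1
[AutoText]
1=<Initials>, <ShortDate>
[Paths]
BinPath=<Programs>\TeamMate\bin
MasterPath=<My Documents>\TeamMate\data
[Preferences]
AutoSaveMinutes=<numeric>5
"""

NUMERIC_TAG = "<numeric>"


def parse_tmreg(text):
    """Parse tmreg.ini text, keeping value-name case and ';' comment lines."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), comment_prefixes=(";",)
    )
    parser.optionxform = str
    parser.read_string(text)
    return parser


def resolve_value(raw, programs_dir, documents_dir):
    """Return (registry type, data) for one value, applying the tag rules."""
    if raw.startswith(NUMERIC_TAG):
        digits = raw[len(NUMERIC_TAG):]
        # No spaces are allowed between the tag and the number.
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"expected digits directly after <numeric>: {raw!r}")
        value = int(digits)
        if value > 0xFFFFFFFF:
            raise ValueError(f"value does not fit in a REG_DWORD: {raw!r}")
        return ("REG_DWORD", value)
    for tag, folder in (("<Programs>", programs_dir), ("<My Documents>", documents_dir)):
        if raw.startswith(tag):
            rest = raw[len(tag):]
            # A sub-directory must follow the tag immediately, starting with '\'.
            if rest and not rest.startswith("\\"):
                raise ValueError(f"sub-directory must start with a backslash: {raw!r}")
            return ("REG_SZ", folder + rest)
    # Any other text, including AutoText tags such as <Initials>, stays a string.
    return ("REG_SZ", raw)


def plan_registry_writes(text, registry_version, programs_dir, documents_dir, force=False):
    """List (section, name, type, data) that loading this file would set.

    Automatic loading requires a [CONTROL] section whose VERSION is greater
    than the stored RegVersion; force=True models the re-register flag or a
    manual load, which apply the file regardless of the version.
    """
    parser = parse_tmreg(text)
    if not force:
        if not parser.has_section("CONTROL"):
            return []
        if parser.getint("CONTROL", "VERSION", fallback=0) <= registry_version:
            return []
    writes = []
    for section in parser.sections():
        if section == "CONTROL":
            continue
        for name, raw in parser.items(section):
            reg_type, data = resolve_value(raw, programs_dir, documents_dir)
            writes.append((section, name, reg_type, data))
    return writes


if __name__ == "__main__":
    for write in plan_registry_writes(SAMPLE_INI, 1, r"C:\Program Files", r"C:\Users\auditor\Documents"):
        print(write)
```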

Appendix G: EWP Project Conversion File (conversion.tml)

The conversion.tml file is used with distributed EWP projects only. Projects that are centralized are managed within the centralized database. With R9 the conversion.tml has two format options (INI and XML). The INI format is not compatible with new R9 features. It can only be used for conversion. The XML format is the new standard and can be used to modify existing R9 projects as well as converting prior projects.

Converting existing projects

When converting R8 projects no changes will be made to the project based on the conversion.tml file. When converting R7 projects to R9 the conversion.tml file settings will be automatically applied if no prior registry setting for converting projects is set.

Converting Exception Tabs (R7 Projects Only)

One of the most complex issues of converting R7 projects is how to handle the configurable exception tabs that are present. In R8 and R9, the auditor "recommendation" and "contact" response are key data elements that are handled in the suite.

When converting a project, TeamMate looks for the following registry key.

HKEY_CURRENT_USER\Software\CCH\EWP\DATABASE\ConversionMap

If the registry key is found then that value is used for conversion. If the registry key is not found then TeamMate will search the conversion.tml file for the following section.

[CONVERSION]

RECOMMENDATION=1

RESPONSE=2

NO_PROMPT=1

The above indicates to TeamMate that the "recommendation" tab from the auditor was the first tab on the bottom of the TeamMate R7 form and that "response" from the client (contact) tab was the 2nd tab of the bottom of the form. To prevent the user from being prompted for this choice during the conversion process the "NO_PROMPT=1" option has been set. To allow the user to still be prompted, change "NO_PROMPT" to a value of "0".

If the [CONVERSION] section is not in the conversion.tml file (or the file is not present) the user will be prompted with a dialog box as to how they want to have the conversion do the mapping. Their selections will then be stored in their Windows registry and will be the default for the next project converted.

Implementing New Categories

In order to implement new category selections on all projects, edit the conversion.tml file with values as in the following example. The sort order must be incremented for each category section.

<Categories>
  <Category Type="ProjectGroups">
    <Items>
      <Item>
        <Value>ProjectGroup1</Value>
        <SortOrder>1</SortOrder>
      </Item>
      <Item>
        <Value>ProjectGroup2</Value>
        <SortOrder>2</SortOrder>
      </Item>
    </Items>
  </Category>
</Categories>

Implementing New Terminology Labels

Project terminology labels can be controlled through the use of this file. Terminology labels listed in the file can be hidden and edited. The Name of the Terminology items is required along with the value and whether or not it is hidden from view in the application.

<TerminologyItems>
  <TerminologyItem Name="ProjectObjective">
    <Value>ObjectiveText</Value>
    <Hidden>0</Hidden>
  </TerminologyItem>
</TerminologyItems>

Implementing New Policies

The following section describes the policies that can be modified with the use of the conversion.tml file. The syntax is displayed below.

<Policies>
  <Policy ID="100">1</Policy>
</Policies>

The following table lists all available policies for use with the conversion.tml file.

| ID | Policy Type | Policy | Description |
|---|---|---|---|
| 100 | Team | TM_Team_Include | Include team members in library file |
| 101 | Team | TM_Team_NoAdmin | Restrict adding of administrator in projects |
| 200 | Freeze Policies | TM_Freeze_Terminology | Freeze terminology policies |
| 201 | Freeze Policies | TM_Freeze_Categories | Freeze all categories |
| 202 | Freeze Policies | TM_Freeze_Advanced | Freeze all advanced properties |
| 203 | Freeze Policies | TM_Freeze_Custom | Freeze all custom property names |
| 204 | Freeze Policies | TM_Freeze_AutoBackup | Freeze auto backup settings |
| 205 | Freeze Policies | TM_Freeze_Profile | Restrict profile editing to Project Owner, Manager, or Lead |
| 300 | Signoff Policies | TM_Signoff_ResetEdit | Reset state when an item is edited by same member as last signoff |
| 301 | Signoff Policies | TM_Signoff_NoDelete | Do not delete edits within signoff history upon signoff |
| 302 | Signoff Policies | TM_Signoff_PrepareFirst | Restrict reviewer signoff until item has been prepared |
| 303 | Signoff Policies | TM_Signoff_ReviewDiff | Restrict team members from being the last preparer and reviewer on an item |
| 304 | Signoff Policies | TM_Signoff_ResetPrepare | Reset state to prepared when edited since review and item is prepared again |
| 305 | Signoff Policies | TM_Signoff_BatchSignoff | Allow batch signoff of work papers |
| 400 | Finalization Policies | TM_Finalize_Restrict | Restrict finalization process only to Admin, Manager, and Lead |
| 401 | Finalization Policies | TM_Finalize_HaltEX | Force HALT for exceptions not reviewed |
| 402 | Finalization Policies | TM_Finalize_HaltPS | Force HALT for programs not reviewed |
| 403 | Finalization Policies | TM_Finalize_HaltWP | Force HALT for work papers not reviewed |
| 404 | Finalization Policies | TM_Finalize_HaltProcedure | Force HALT for procedures not reviewed |
| 405 | Finalization Policies | TM_Finalize_HaltProcedure_Prep | Force HALT for procedures not reviewed or prepared |
| 406 | Finalization Policies | TM_Finalize_RetainNote | Force retention of coaching notes |
| 407 | Finalization Policies | TM_Finalize_RetainHistory | Force retention of complete edit history |
| 408 | Finalization Policies | TM_Finalize_SendCentral | Restrict send to TeamCentral until finalization complete (Distributed only) |
| 409 | Finalization Policies | TM_Finalize_ReplicaNoFinal | Restrict finalization if replicas are outstanding |
| 410 | Finalization Policies | TM_Finalize_NoUnfinalize | Restrict ability to un-finalize |
| 500 | Lock Policies | TM_Lock_Global | Prohibit changes to these policies by an administrator in the created projects (project lock) |
| 501 | Lock Policies | TM_Lock_Project | Prohibit changes to these policies in any subsequent library (global lock) |
| 502 | Lock Policies | TM_Lock_Reencrypt | Force re-encryption of created projects with a unique encryption key |
| 600 | General Policies | TM_General_HideScorecard | Hide Scorecards |
| 601 | General Policies | TM_General_AutoCalcCost | Automatically calculate 'tracked' exception costs in Profile Summary |
| 603 | General Policies | TM_General_NoProjectCustom | Hide Profile Custom Properties |
| 604 | General Policies | TM_General_NoEncrypt3rd | Do not encrypt 3rd party documents |
| 605 | General Policies | TM_General_Milestones | |
| 606 | General Policies | TM_General_PDF_TeamImage | Automatically associate imported PDF documents with TeamImage |
| 607 | General Policies | TM_General_NoProjectRisk | Hide Profile Risks |
| 620 | Security Policies | TM_Security_WindowsAuth | Use Windows Authentication rather than Basic Authentication for login |
| 621 | Security Policies | TM_Security_RestrictSaveLib | Restrict Save as Library to the Admin, Manager and Lead |
| 622 | Report Import | TM_Security_ReportImport | Allow 360 Report Import by normal users (otherwise restricted to Admin, Manager and Lead) |
| 623 | Restrict discard replica | TM_Security_ReplicaDiscard | |
| 700 | Integration Policies | TM_Integration_OnlyAdminAddTeam | Restrict adding of team members to those defined within a TeamMate Suite Database |
| 701 | Integration Policies | TM_Integration_NoPrjCreate | Restrict project creation to those planned to the TeamMate Suite Database |
| 702 | Integration Policies | TM_Integration_PlanReadOnly | Restrict Profile editing if created from TeamMate Suite Database |
| 703 | Integration Policies | TM_Integration_CostReadOnly | Disable Profile actual costs editing when TeamMate TEC is used |
| 704 | Integration Policies | TM_Integration_TrackRecs | Recommendations are tracked in TeamCentral |
| 705 | Integration Policies | TM_Integration_OnlyAdminAddContact | Restrict adding contacts to Administrators only |
| 800 | WorkFlow Policies | TM_Workflow_ProcedureEditAssign | Restrict procedure editing based on assignment (work program is not locked) |
| 801 | WorkFlow Policies | TM_Workflow_WPEditAssign | Restrict work paper editing based on assignment |
| 802 | WorkFlow Policies | TM_Workflow_ProcedureAutoAssign | Automatically assign added procedures |
| 803 | WorkFlow Policies | TM_Workflow_WPAutoAssign | Automatically assign added work papers |
| 804 | WorkFlow Policies | TM_Workflow_Authority_MgrLead | Authorization model for assignments and editing is based on Project Ownership rather than Role Hierarchy |
| 805 | WorkFlow Policies | TM_Workflow_Edit_Individual | Further restrict editing to assignee only |

Sample conversion.tml File (XML format)

<ProjectUpdate Version="9.0.0">
  <Name>R8 Conversion Library</Name>
  <Comments>Sample Conversion.TML File</Comments>
  <Author>CCH</Author>
  <UpdateVersion>9</UpdateVersion>
  <Properties>
    <EncryptDatabase>1</EncryptDatabase>
    <EncryptWorkpapers>1</EncryptWorkpapers>
  </Properties>
  <Conversion>
    <RecommendationTab>1</RecommendationTab>
    <ResponseTab>2</ResponseTab>
    <PromptUser>1</PromptUser>
  </Conversion>
  <ScheduleFolders>
    <ScheduleFolder Code="AS">
      <Title>Audit Summary</Title>
      <ScheduleFolders>
        <ScheduleFolder Code="AS1">
          <Title>Current Exceptions</Title>
        </ScheduleFolder>
        <ScheduleFolder Code="AS2">
          <Title>Reports</Title>
        </ScheduleFolder>
        <ScheduleFolder Code="AS3">
          <Title>Risk Documents</Title>
        </ScheduleFolder>
      </ScheduleFolders>
    </ScheduleFolder>
    <ScheduleFolder Code="PG">
      <Title>Program Groups</Title>
      <ScheduleFolders />
    </ScheduleFolder>
  </ScheduleFolders>
  <Tickmarks />
  <TerminologyItems>
    <TerminologyItem Name="ProjectObjective">
      <Value>Objective-ABCDXZX</Value>
      <Hidden>0</Hidden>
    </TerminologyItem>
    <TerminologyItem Name="ProjectBackground">
      <Value>Background-ABCZZZZ</Value>
      <Hidden>0</Hidden>
    </TerminologyItem>
  </TerminologyItems>
  <Categories>
    <Category Type="ProjectGroups">
      <Items>
        <Item>
          <Value>ProjectGroup1</Value>
          <SortOrder>1</SortOrder>
        </Item>
        <Item>
          <Value>ProjectGroup2</Value>
          <SortOrder>2</SortOrder>
        </Item>
        <Item>
          <Value>ProjectGroup3</Value>
          <SortOrder>3</SortOrder>
        </Item>
      </Items>
    </Category>
  </Categories>
  <Policies>
    <Policy ID="100">1</Policy>
    <Policy ID="700">0</Policy>
    <Policy ID="701">0</Policy>
  </Policies>
  <CustomFields />
</ProjectUpdate>
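
A review script for an XML-format conversion.tml before it is rolled out, as an added example that is not part of TeamMate: it checks policy IDs against the policy table in this guide, flags repeated IDs and SortOrder values that do not increase within a category, and reports settings that turn encryption off. It assumes that a value of 1 means a property or policy is enabled, and reads "must be incremented" as strictly increasing; the sample file is constructed with deliberate defects.

```python
import xml.etree.ElementTree as ET

# Policy IDs taken from the policy table in this guide.
KNOWN_POLICY_IDS = (
    {100, 101}
    | set(range(200, 206)) | set(range(300, 306)) | set(range(400, 411))
    | {500, 501, 502, 600, 601, 603, 604, 605, 606, 607}
    | set(range(620, 624)) | set(range(700, 706)) | set(range(800, 806))
)

# Constructed sample with deliberate defects.
SAMPLE_TML = """<ProjectUpdate Version="9.0.0">
  <Properties>
    <EncryptDatabase>1</EncryptDatabase>
    <EncryptWorkpapers>0</EncryptWorkpapers>
  </Properties>
  <Categories>
    <Category Type="ProjectGroups">
      <Items>
        <Item><Value>ProjectGroup1</Value><SortOrder>1</SortOrder></Item>
        <Item><Value>ProjectGroup2</Value><SortOrder>1</SortOrder></Item>
      </Items>
    </Category>
  </Categories>
  <Policies>
    <Policy ID="100">1</Policy>
    <Policy ID="604">1</Policy>
    <Policy ID="602">1</Policy>
    <Policy ID="100">0</Policy>
  </Policies>
</ProjectUpdate>"""


def read_policies(root):
    """Return (policies, problems): policy ID -> value text, plus ID problems."""
    policies, problems = {}, []
    for node in root.iter("Policy"):
        raw_id = node.get("ID", "")
        if not (raw_id.isascii() and raw_id.isdigit()):
            problems.append(f"Policy has a non-numeric ID: {raw_id!r}")
            continue
        policy_id = int(raw_id)
        if policy_id not in KNOWN_POLICY_IDS:
            problems.append(f"Policy ID {policy_id} is not in the guide's policy table")
        if policy_id in policies:
            problems.append(f"Policy ID {policy_id} appears more than once")
        policies[policy_id] = (node.text or "").strip()
    return policies, problems


def check_sort_orders(root):
    """Each Category's items must carry strictly increasing SortOrder values."""
    problems = []
    for category in root.iter("Category"):
        label = category.get("Type", "?")
        last = None
        for item in category.iter("Item"):
            text = (item.findtext("SortOrder") or "").strip()
            if not (text.isascii() and text.isdigit()):
                problems.append(f"Category {label}: SortOrder missing or not a number")
                continue
            order = int(text)
            if last is not None and order <= last:
                problems.append(f"Category {label}: SortOrder {order} does not increase")
            last = order
    return problems


def lint_conversion_tml(xml_text):
    """Return a list of findings for one conversion.tml document."""
    root = ET.fromstring(xml_text)
    policies, problems = read_policies(root)
    problems += check_sort_orders(root)
    for prop in ("EncryptDatabase", "EncryptWorkpapers"):
        value = root.findtext(f"Properties/{prop}")
        # Assumption: 1 turns the property on; report only an explicit other value.
        if value is not None and value.strip() != "1":
            problems.append(f"{prop} is set to {value.strip()!r}, not 1")
    if policies.get(604) == "1":
        problems.append("Policy 604 (TM_General_NoEncrypt3rd) is 1: 3rd party documents are not encrypted")
    return problems


if __name__ == "__main__":
    for finding in lint_conversion_tml(SAMPLE_TML):
        print(finding)
```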