Worldox Advanced Security (Active Directory Integration ...



DMS Active Directory NTFS Security Punch List

System Administrator

In order to activate Worldox’s Active Directory NTFS security integration for your Worldox cabinets, we’ll need this punch list completed and returned to us.

Instructions: Please complete this punch list electronically and e-mail it to support@

Please direct any questions regarding this punch list to support@

Overview

Worldox has a two-tier security enforcement model. The first tier consists of enforcement inside the Worldox application itself. The second tier involves pushing the behavior of the Worldox security model into the NTFS security on the file system. When the second tier is enforced, the Worldox Indexer is responsible for interpreting the Worldox security requirements and pushing those settings into NTFS. It does so by integrating with the Active Directory of the site.

The overall approach involves the following components:


• File Server – stores the document repository (also called the ‘DocVault’) and enforced NTFS security

• Domain Controller – runs Active Directory, which manages Users and Groups that Worldox will use to enforce NTFS security

• Indexer PC – performs background processing to create necessary Active Directory groups, adjust membership of those groups, and to push security for those groups into NTFS for the appropriate folders and files

System Requirements

Domain Controller must be Windows Server 2003 or above, with Active Directory enabled.

Domain Controller Configuration

☐ Create a new AD Security group called WDADMINS:

   In Active Directory, right-click on the Users folder, New > Group

   Set:

   • Name: WDADMINS

   • Group Scope: Global

   • Group Type: Security

☐ Add the Indexer user to required groups:

   In Active Directory, right-click on the Indexer user, select Properties

   Switch to the Member Of tab

   Make the Indexer user a member of the following two security groups:

   • WDADMINS group

   • Account Operators group (this is a built-in group in AD)

   Why: The Indexer must be part of the Account Operators group so it can create groups and manage membership to accurately reflect the Worldox security model. The Indexer will not manipulate any groups that are already in Active Directory.

   Note: The Indexer user may be different from simply ‘Indexer’ – please use whatever username is used for logging into the Indexer PC.

☐ Ensure that the Indexer user has permissions to adjust NTFS security of all folders and sub-folders in the DocVault folder structure.

   If you have ever set special NTFS security restrictions on any part of the DocVault folder structure, check the affected folders and confirm that, when logged on as the Indexer user, you can manually make adjustments to the NTFS security of those folders.

☐ Set security on the following file (where “X” is the network drive to which Worldox is installed):

   X:\Worldox\Shared\wdusers.ini

   to be as follows:

   • WDADMINS group: “Full Control”

   • All other users (generally, Domain Users): “Read” and “Read & Execute” only

Important: The above security change, if done improperly, can result in the site’s entire Worldox system failing to work. Given the huge downside risk (system completely unusable), we have found that spending a few extra minutes performing the following tests is well worth the time:

☐ On the Indexer PC, log the Indexer user out of Windows, then log back in (as the Indexer user) to apply the changes

☐ On the Indexer PC, confirm that you can open X:\Worldox\Shared\wdusers.ini then immediately do a File > Save without being prompted for a Save As location

   Note: If you get prompted for a Save As location, then the file is Read Only and something has gone wrong with the security adjustment on that file.

☐ On a regular user’s workstation, confirm that when you open X:\Worldox\Shared\wdusers.ini then immediately do a File > Save that you *do* get a Save As prompt

   Note: If you do not see the file, or you are able to save without getting a Save As prompt, something has gone wrong with the security adjustment on that file.
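The Domain Controller settings and the wdusers.ini tests above can also be checked from a script. The PowerShell audit below is an added example, not part of the original punch list or any Worldox or Trumpet tooling; the `Indexer` username, the RSAT ActiveDirectory module, and the helper name `Test-IniWritable` are assumptions.

```powershell
# Added example, not Worldox or Trumpet tooling. Read-only audit of the punch-list settings.
# Assumes the RSAT ActiveDirectory module and a session logged on as the Indexer user.
param(
    [string]$IndexerUser = 'Indexer',                        # assumption: Indexer PC logon name
    [string]$IniPath     = 'X:\Worldox\Shared\wdusers.ini'   # X: = drive Worldox is installed to
)
Import-Module ActiveDirectory
$domain = (Get-ADDomain).NetBIOSName
$checks = [ordered]@{}

# WDADMINS must exist as a Global / Security group.
$grp = Get-ADGroup -Filter "Name -eq 'WDADMINS'"
$checks['WDADMINS is a Global Security group'] = ($null -ne $grp) -and
    ($grp.GroupScope -eq 'Global') -and ($grp.GroupCategory -eq 'Security')

# The Indexer user must be in both groups named in the punch list.
$memberOf = (Get-ADPrincipalGroupMembership -Identity $IndexerUser).Name
foreach ($g in 'WDADMINS', 'Account Operators') {
    $checks["$IndexerUser is a member of $g"] = $memberOf -contains $g
}

# ACL on wdusers.ini: WDADMINS needs an Allow ACE for Full Control.
$allow = (Get-Acl -LiteralPath $IniPath).Access | Where-Object AccessControlType -eq 'Allow'
$checks['WDADMINS has Full Control on wdusers.ini'] = [bool]($allow | Where-Object {
    $_.IdentityReference.Value -eq "$domain\WDADMINS" -and $_.FileSystemRights -eq 'FullControl' })

# Everyone else should hold Read / Read & Execute only: list any other ACE with a write-type right.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$review = $allow | Where-Object {
    $_.IdentityReference.Value -ne "$domain\WDADMINS" -and
    [int]($_.FileSystemRights -band $writeMask) -ne 0 }

# Scripted form of the File > Save test: open for write without changing the file.
function Test-IniWritable([string]$Path) {
    try { [System.IO.File]::Open($Path, 'Open', 'Write', 'ReadWrite').Close(); $true }
    catch [System.UnauthorizedAccessException] { $false }
}
$checks['Current user can write wdusers.ini'] = Test-IniWritable $IniPath

$checks.GetEnumerator() | ForEach-Object {
    '{0,-45} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' }) }
if ($review) {
    'Other principals with write-type rights (review against the punch list):'
    $review | ForEach-Object { '  {0}: {1}' -f $_.IdentityReference, $_.FileSystemRights }
}
```

Run on its own from a regular user's session, `Test-IniWritable` should return False, which corresponds to getting the Save As prompt in the manual test.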

Schedule Trumpet to Finish the AD Integration

☐ Once this punch list is complete, please email it to support@ – Trumpet will then schedule time to connect to the Indexer PC and enable AD integration

Please direct any questions regarding this punch list to support@.

-----------------------

web: • 4327 E. San Gabriel Avenue • Phoenix, AZ 85044 • phone: 480.961.6003
