Enable Bitlocker on Removable Drive

WindowsWhen I joined ISC Software I was given a new laptop and associated peripherals which included a removable 1TB SSD. As this SSD travels with me, one of the first things I did was encrypt it with BitLocker.

To encrypt a drive with BitLocker, launch Windows Explorer, right click on the drive and select Turn BitLocker On. When the BitLocker Drive Encryption window appears, click Encrypt this drive using BitLocker Drive Encryption:

Bitlocker Drive Encryption

Continue reading “Enable Bitlocker on Removable Drive”

Disable IE Enhanced Security Configuration

Windows ServerI do a lot of work in virtual machines and this work often involves using the web browser; this is usually just for web client, SSRS or other similar local pages, but even then Internet Explorer Enhanced Security Configuration will get in the way and need to be disabled.

I never remember where the setting for this is, so I am posting here to make it easy to find in future. To change the setting, open Server Manager; in the left pane, click Local Server:

Server Manager > Dashboard

In the main section of the page, click the word ON next to IE Enhanced Security Configuration:

Continue reading “Disable IE Enhanced Security Configuration”

Microsoft Dynamics GP In-Transit Transfer Document Locked

Microsoft Dynamics GPWhile I was looking at the problem raising In-Transit Transfers I needed to delete all orders with alpha numeric Document Numbers, but was getting an in use error on one of them:

Document is in use error

Continue reading “Microsoft Dynamics GP In-Transit Transfer Document Locked”

Add Company Access Back to sa User

Microsoft Dynamics GPWe’re busy doing some work for a client for whom we’ve recently taken over the support of their Microsoft Dynamics GP implementation. For the initial set of projects, we’re assisting them in the creation of a standalone test systemm. When you do this, the first thing you need to do is log in using the sa account and reset passwords.

However, we found that at some point in the past, all company access had been removed from the sa user account leaving us unable to log into Dynamics GP.

Fortunately, company access is only stored within one table in the system database: User-Company Access (SY60100).

The SQL below will add company access back to the sa user for all company databases:

/*
Created by Ian Grieve of azurecurve|Ramblings of a Dynamics GP Consultant (http://www.azurecurve.co.uk)
This code is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0 Int).
*/
INSERT INTO SY60100
	(TRKUSER,USERID,CMPANYID,SRBCHSEC_1,SRBCHSEC_2,SRBCHSEC_3,SRBCHSEC_4,SRBCHSEC_5,SRBCHSEC_6,SRBCHSEC_7,SRSFNSEC_1,SRSFNSEC_2,SRSFNSEC_3,SRSFNSEC_4,SRSFNSEC_5,SRSFNSEC_6,SRSFNSEC_7,MSCPRMIS)
--VALUES
	(
	SELECT
		0,'sa',CMPANYID,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF,0xFFFFFFFF
	FROM
		SY01500 AS ['Company Master']
	WHERE
		(
		SELECT
			COUNT(*)
		FROM
			SY60100 AS ['User-Company Access']
		WHERE
			['User-Company Access'].CMPANYID = ['Company Master'].CMPANYID
		AND
			['User-Company Access'].USERID = 'sa'
		) = 0
	)
GO

After you’ve run the above to add company access back, you also need to run the SQL insert statement in this post to add POWERUSER access as well.

With the two scripts run, the sa account can be used to reset the DYNSA user and other user accounts.

Implementing SmartList Builder: Security

eOne SolutionsThis post is part of the series on Implementing SmartList Builder from eOne Solutions.

The final element to readying SmartList Builder for use is to configure security so that users without the POWERUSER* role can access it. While this step isn’t absolutely necessary, I would encourage people not to over use the POWERUSER* role.

A better approach would be to create a Super User role instead. Both this role and standard user roles will need to have access to the SmartList Builder windows granting.

This is easy to do, as SmartList Builder ships with some default security tasks and a role:

Security Role Setup

Assign this role to the relevant user or assign the tasks to existing roles and user will, next time they login, be able to access the SmartList Builder window.

Create User or Assign Company Access Without Using sa

Microsoft Dynamics GPWith Microsoft Dynamics GP, there are only two user accounts which can, by default, create new users or assign access to companies; these the the sa (SQL Server System Administrator) and DYNSA (Dynamics GP System Administrator).

The former account should only be used when absolutely necessary (such as when implementing Microsoft Dynamics GP or moving it to a new SQL Server Instance; there are some ISV products which also insist on the sa account when it isn’t strictly necessary from a tecHnical perspective).

The recommended way of maintaining security is to configure a normal user account with the permissions necessary to create and assign users to companies. There are a few steps to go through to assign the relevant security.

Mark Polino did a post a while ago on adding users without using the sa account, but, in this post, Mark assigned the sysadmin role to the user. While this will do the job, and in fewer steps, I prefer to lock down security so users only have the permissions required, which precludes assigning a sysadmin role. The reason for this is both best practice, but also that I have several clients who will not allow the sysadmin role to be assigned to a GP user.

The following steps cover the minimum security required for a user to be able to add new users or assign them access to companies.

Assign the user to all companies in Microsoft Dynamics GP (this is done in the User Access Setup window (Administration area page » Setup » System » User Access):

User Access Setup

Continue reading “Create User or Assign Company Access Without Using sa”

Implementing Enhanced Notes: Configure Security

GP Elementz Enhanced NotesThis post is part of a series on Implementing Enhanced Notes from ISC Software Solutions.

When Enhanced Notes is deployed to a company, there are two security roles created:

  1. ENHANCED NOTES – which gives users access ton the Enhanced Notes instead of the standard Dynamics GP Notes window.
  2. ENHANCED NOTES SETUP – which allows users to change the configuration of the Enhanced Notes module.

All non-POWERUSER* users are automatically assigned the Enhanced Notes security role when it is installed, but future users will need to be assigned it via User Security Setup (Adminstration » Setup » System » User Security):

User Security Setup

Any user other than a POWERUSER* will need to be assigned the Enhanced Notes Setup role.

Have an enquiry for ISC Software Solutions?

If you’re interested in speaking to ISC Software about consultancy, upgrades, implementation, development, GP Elementz add-ons or portals, or anything else, you can use the form below.





Your Name (required):
Your Email (required):
Subject:
Enquiry message:

Implementing SmartConnect: Configure Security

eOne SolutionsThis post is part of the series on Implementing SmartConnect, an integration tool from eOne Solutions, which can take data from any source and integrate it into Microsoft Dynamics GP (and other systems such as Microsoft Dynamics CRM or Sales Force amongst others). It has a drag and drop interface to make creating integrations quick and easy for all users rather than just developers (as many integration tools target).

For SmartConnect to function correctly, the service account needs to be added as a user. Do this by opening the Security window from the Setup tab:

SmartConnect Setup tab

Continue reading “Implementing SmartConnect: Configure Security”

Implementing SmartConnect: Assign SQL Login Security

eOne SolutionsThis post is part of the series on Implementing SmartConnect, an integration tool from eOne Solutions, which can take data from any source and integrate it into Microsoft Dynamics GP (and other systems such as Microsoft Dynamics CRM or Sales Force amongst others). It has a drag and drop interface to make creating integrations quick and easy for all users rather than just developers (as many integration tools target).

A couple of days ago, I covered the installation of SmartConnect, but there are a few additional steps required.

One of these steps is to configure the SmartConnect account with access to update mdgp. This account is the one used by SmartConnect when running the maps; it requires DYNGRP access to all of the mdgp databases in order to both select, insert and update information.

To do this, open SQL Server Management Studio, expand the Security and Logins nodes, find the SmartConnect user account created during the installation, right-click and select Properties.

Select User Mapping, select the DYNAMICS database (assuming you’re using the default system database name), scroll down in the bottom of the window and mark DYNGRP:

SQL Login Properties

Repeat the above step for all of the companies databases and then click OK to commit the changes.