Terminal Services and AccountEdge
AccountEdge and Terminal Services
AccountEdge technical support is unable to provide support for issues relating to hardware, networking or operating system problems. In accordance with this policy we do not provide technical support for the operation of AccountEdge in a terminal server environment. The wide range of potential technical issues when running under Terminal Server means that our support staff are unable to provide technical support for this operating environment. AccountEdge has not been tested in a terminal server environment and makes no claims as to AccountEdge's stability or suitability when used in this environment. We suggest that if you are going to attempt to use AccountEdge in a terminal server environment you contact an IT or network professional.
Frequently Asked Questions
Why do people start running AccountEdge on a Terminal Server installation?
In our experience people do so for two reasons:
- They already run all their software under terminal server and want to maintain a common platform from which to service their IT infrastructure.
- They have a company file which is larger than 200 MBs or they are running more than four concurrent users in one data file. Large files and more than four users will start to create a network load which will give slow performance to all users.
Do people encounter problems when running/setting up AccountEdge in the Terminal Server environment?
Yes, mostly these relate to permissions on the terminal server user. AccountEdge accesses dll and ocx files which are stored in the system32 directory. Users need access to this area as well as a number of other areas that administrators may not assign normally. Other potential issues that can occur involve printing and print setup.
Why doesn’t AccountEdge encourage people to use Terminal Server if they can see it works so well for large users of the product?
Answer: Terminal Server is an expensive option for most small businesses. We recommend that any business carefully considers the investment required in hardware, software and IT support before committing to the Terminal Server environment.
Configuration and Setup
The information supplied within this support note is supplied for your reference and is in reference to a standard Workgroup environment running Windows Server 2003 Standard Edition, with an NTFS file system and Microsoft Office 2003 pre-installed. They may differ to actual settings or screens encountered during setup in alternate configurations.
As per the installation documentation supplied with the application, it is recommended to have Microsoft Office installed prior to the AccountEdge installation to enable the drivers for the “Officelink” process to be installed and registered correctly.
During installation the user logon to Windows must be the Administrator. This is a different and distinct thing from a user account that is a member of the Administrator group. It is then a simple matter to copy the shortcuts from the Administrator’s desktop to the C:\Documents and Settings\All Users\Desktop folder if giving access to the desktop to all terminal server users and make Premier available to terminal services users. It is also possible to have terminal services clients run a specific application on connection and prevent access to the desktop or start menu giving added security. Further information regarding this can be obtained from the help files of Windows 2003 Server.
If you are unaware of the Administrator password for your server, please contact the technician who installed your server operating system to obtain the password entered during installation.
Setting Up Users & Groups
It is recommended to setup each user as a local user on the Terminal Server. It is by adding the users to the Remote Desktop User group that a terminal server logon by the user account is achieved.
Directory and file permissions can then be set on the remote desktop user group giving a uniform level of access to all terminal services logons.
To create a new user account:
- Click Start, All Programs, Administrative tools and select Computer Management.
- Click Local Users and Groups.
- Right-click the Users folder and add New User.
- To add users to groups double-click the group from the groups folder and then select add.
How do I set the file and folder permissions?
Setting the correct file and folder permissions for your Terminal Server users allows you to give full functionality to your MYOB users, whilst protecting the server’s critical system files from un-authorised access to maintain the security of your server system.
To access the permission settings of files and folders, right-click the file or folder, select Properties and click the Security tab.
Listed below are the individual folder and file permission settings that must be checked and allocated after installation of MYOB Premier Enterprise to the User and/or User Group the clients are logging into the server with.
Note: The installation folder (C:\AccountEdgePro2015) refers to Premier Enterprise v24 and may differ depending on your version of AccountEdge. For example, yours may be C:\AccountEdgePro2012 or C:\AccountEdge2011.
The most common access permission issues are due to a difference in the permission settings that apply to a user from different locations. In addition to the directory and file permissions allocated to a user account, the user will also inherit permission settings from any groups it is a member of, and the Network logon itself. You can check the directory and file permission settings by using the “Effective Permissions” function of Windows to test and report on settings rather then trusting what is displayed in the properties window.
To access the effective permissions function, click the Advanced button that appears in the Security properties window. You then simply select the User or Group and the settings will display. Further information on this function can be found by clicking the link at the bottom of the Effective permissions window.
The factors this utility uses to determine the effective permissions are:
- Global group membership
- Local group membership
- Local permissions
- Local privileges
What if the permission settings appear correct, but I still have access issues?
The Terminal Server User group or permissions inherited from a Network or Domain logon are not taken into account in the effective permissions tool. Share permissions are also excluded. When a user account is subject to a mixed permission environment, i.e. full control to the user account but read and list within a set of share permissions to the users group, for security purposes Windows will use the most restrictive set of permissions or privileges (read and list). This can result in what appears to be correct settings in the security properties dialog or when tested using effective permissions but still an inability to write to a file or even view a folders contents.
In this instance it can be easier and a lot faster in a complicated network with many different groups, shares and possibly domains or workgroups to recreate the user account and set the permissions from scratch. This is also an option in standard or less complicated configurations.
Please note if using a Workgroup configuration, after a user account is first created you must logon to the server locally at least once so you may assign a password to the user account.
User accounts without a password will not gain connectivity to the server via the network.
If running in a Domain, ensure the Allow Logon to Terminal Services option is enabled in the user accounts properties and that the user has been added to the Remote Desktop User group.
Warning: You should ensure you transfer any user files on the server in the C:\Documents and Settings\%UserName% folder to a temporary folder prior to deleting the user account where %Username% is the user account name. Then after the user account has been recreated, you can transfer the files back to there original locations.
What if a user is prevented from logging into AccountEdge?
If a user logs out of the remote server but doesn't log out of AccountEdge, the user will be prevented from logging back into AccountEdge - a message will be displayed advising they are already logged in. This can be resolved by restarting the server.
This support note has been created to enable you to allow full functionality of your AccountEdge software, while maintaining the security level of your Terminal Server.
As the setting of file permissions and creation or editing of user accounts are all functions of the Microsoft Windows Server operating system, it cannot be supported by AccountEdge.
Any questions regarding the functions of Windows described within this document are best directed at your Network Administrator, I.T Consultant/Technician or Microsoft.