1 ATIPXpress PAL Deployment Introduction
The purpose of this document is to provide instructions for creating the ATIPXpress Public Access Link (PAL) database and installing the ATIPXpress PAL application.
ATIPXpress PAL facilitates the submission of Freedom of Information Act (ATIP) requests over the internet and allows information to be published to the Electronic Reading Room. ATIPXpress PAL supports SQL Databases.
Notes: This document does not provide instructions for installing windows server or Microsoft
.net. Please consult your software vendor for further details concerning these installations.
A single server can be used to install ATIPXpress PAL and all its components, however it is highly recommended to configure separate servers for the ATIPXpress application, database, and repository due to the processing demands of the CPU.
1.1 Standard ATIPXpress and PAL Deployment Architecture
The PAL application URL will be accessible by the public for submitting ATIP requests to your agency. However, the web server and database server must remain secure. The standard deployment includes the following configuration:
The PAL Database, PAL Application, and PAL File Server are installed in the External network (DMZ).
The ATIPXpress Application, ATIPXpress Database, and all applicable services are installed in the local intranet.
The Database Port and HTTPS port are enabled to allow the PAL modules to communicate with ATIPXpress.
The figure below shows the standard AX PAL deployment architecture:
ATIPXpress 11.x Deployment Architecture | |
Internet |
|
Payment Gateway | |
2 PAL Installation Prerequisites
2.1 ATIPXpress PAL Deployment System Requirements
Before proceeding with the installation, it is necessary to do the following:
Install Microsoft SQL Server 2017/2019 on the database server.
Configure the SMTP Server to relay email to the email server while using ATIPXpress PAL.
The SMTP server must be configured to relay e-mail messages to other domains.
Before installing the ATIPXpress PAL database, make sure SQL Server collation is configured for case-insensitive.
Confirm that the application server is set to the same time zone as the organization. This ensures that incoming PAL requests are correctly dated.
The installation package must be deployed from the application server, which must meet the requirements outlined below:
Requirement | Description |
|---|---|
Location | Deployment scripts can be executed from Application server. The script must be executed from application server if the Application or Scheduler are installed. |
User Permissions | The logged-in user should have the local administrator permissions. |
Operating System Requirements | Windows 2016/2019/2022 |
URL Rewrite | Install the Microsoft IIS URL Rewrite extension, available via https://www.iis.net/downloads/microsoft/url-rewrite |
Requirement | Description |
|---|---|
Microsoft .NET Framework 4.8 Runtime | Microsoft .NET Framework 4.8 Runtime must be downloaded and installed. It can be downloaded and installed from the following location: https://dotnet.microsoft.com/en-us/download/dotnetframework/net48 |
SqlPackage | The SqlPackage must be downloaded and installed. It can be downloaded and installed from the following location: |
SqlServer | The SqlServer module must be downloaded and installed on the application server. See the Install SQL Server Module section for steps. |
PowerShell Version | PowerShell 5.1.22621.963 must be installed for deployment using auto deployment. https://www.microsoft.com/en-us/download/details.aspx?id=54616 |
2.2 ATIPXpress PAL Database Account Requirements
There are three accounts which must provisioned to configure the application, database, and repository servers. The table below outlines the type of accounts, their purpose, and their requirements.
Account | Purpose | Requirement |
|---|---|---|
Application Setup | This user installs and configures the ATIPXpress PAL application and its components. | This account is set up as a Domain/Local User and is a member of the Administrators on server groups. |
ATIPXpress PAL Database Creation | This user sets up the PAL database user account and grants any required permissions. | This account is added to the following SQL Server security roles for the user that will create the database either in SQL Server (Windows User) or Windows Authentication Mode (NT User):
|
ATIPXpress PAL Database User | This user performs all ATIPXpress PAL database transactions required for the ATIPXpress PAL Application. | This account must be assigned as a member of the db_owner database role for the ATIPXpressPAL SQL Server database. |
2.3 Install SQL Server Module
Follow the steps below to install the SQL Server Module on the application server:
Navigate to the following link: https://www.powershellgallery.com/packages/Sqlserver/21.1.18256
Under Installation Options, select Manual Download:
Click Download the raw nupk file. The SQLserver .nupkg file downloads.
Locate the downloaded "SQLserverā file, then right click it and select Properties.
On the General tab, select Unblock, then click Apply.
Next, edit the āSQLserverā file extension from .nupkg to .zip.
Extract the .zip package in the downloaded location. After the folder is extracted, remove āsqlserver.ā from the folder name:
Navigate to C:\ProgramFiles\WindowsPowerShell\Modules and create a folder called SqlServer.
Copy the renamed .zip folder from the downloaded location to the SqlServer folder created in the previous step (C:\ProgramFiles\WindowsPowerShell\Modules\SqlServer)
2.4 Enabling Windows Search Service
Windows Search Service allows users to perform search operations on the server. This service is required to perform content searches on documents located in the PAL Reading Room.
Notes:
Administrators are not be able to install windows search services if the indexing service is installed on the server. They must uninstall the indexing service then install the windows search service.
This service must be enabled on the application server.
Follow the steps below to enable Windows Search Service:
Click Start > Server Manager. The Server Manager application appears.
Click Add roles and features. The Add Roles and Features Wizard pop up window appears.
Click Next. The Select installation type window appears.
Select Role-based or Feature-based installation using the radio buttons.
Click Next. The Select Destination Server pop up window appears.
Select a server or a virtual hard disk using the radio buttons.
Click Next. The Select server roles pop up window appears.
Click Features from the left-hand menu, then select Windows Search Service.
Click Next. The Confirm installation selections pop up window appears.
Click Install to start the installation process. The Installation progress pop up window appears:
The installation process begins. This may take a few moments. After the installation completes a confirmation window appears.
Click Close to exit the Add Roles Wizard.
2.5 Enable TIFF files in Windows Search Service
TIFF is a file format for storing images. TIFF files are not enabled for search by default; therefore, you must enable the Windows TIFF IFilter feature in order to search TIFF files.
Click Start > Server Manager. The Server Manager application launches, as shown below.
Click Add roles and features. The Add Roles and Features Wizard pop up window appears.
Click Next.
Select Role-based or feature-based installation.
Click Next.
Select from the available options.
Click Next.
Select Features.
Select Windows TIFF IFilter.
Click Next.
Click Install.
The installation process continues. This may take a few minutes. On conclusion, an installation confirmation appears:
Click Close to exit the Add Roles Wizard.
2.6 Enable PDF in Windows Search Service
PDF files are not enabled for search by default; you must install the Adobe PDF IFilter feature to search PDF files. Follow the steps below to enable PDF in Windows Search Service.
Download and install Adobe PDF IFilter 9 from the following link:
ftp://ftp.adobe.com/pub/adobe/acrobat/win/9.x/.
Restart the Windows Search Service after installing Adobe PDF IFilter 9/11:
Click Start > Administrative Tools > Services. The Services application launches.
Scroll down and select Windows Search.
Click Action > Restart. The Service Control pop up window appears.
Select File > Exit to close the Services application.
Click Start > Control Panel > Indexing Options. The Indexing Options pop up window appears.
Click Modify to add the Reading Room root folder.
Add the electronic reading room root path to the included locations (e.g. C:\PALRepo\AFXWERR\):
Click Advanced. The Advanced Options pop up window appears.
Click the Rebuild button located in the Troubleshooting section. The Rebuild Index pop up window appears.
Click OK. The Indexing Options window changes to display the rebuild progress. This may take several minutes to complete. Once the rebuild is completed, the Indexing Options window will indicate the total number of items rebuilt.
Click Close to exit the Indexing Options feature.
Close the Control Panel window.
3 Download the Installation Package
The FOIAXpress installation package contains the files needed to install ATIPXpress PAL. Contact casepoint support at support@casepoint.com for your installation package.
After downloading the package, follow the steps below to unzip the file:
Locate the downloaded .zip file, then right click it and select Properties.
On the General tab, select Unblock, then click Apply.
Next, unzip the contents of the folder. The contents of the package appear as shown in the following example:
3.1 Verify the Integrity of the Installation Package
Steps to verify the integrity of the installation package.
Open Windows Powershell ISE.
Use the command below to verify the integrity of installation package:
Test-FileCatalog -CatalogFilePath "<<catalog file path(with extension of .cat) from downloaded artifact>>" -Path "<< folder that should be validated against the catalog file >>"
It will show as valid, as shown in the following example:
3.2 About the Installation Package
There are two primary files youāll interact with during installation:
Inputs.json: Drives the installation of the FOIAXpress system components. The file is in a standard json format and needs to remain a valid json file for successful installation.
Install.ps1: The executable file you will run to deploy the installation package with the parameters configured in the Inputs.json file.
4 Inputs.Json Settings for New Installations
4.1 About the Inputs.json File
The Inputs.json file located in the root directory of the extracted deployment package zip file drives the installation of the different components of the ATIPXpress PAL system. The file is in a standard json format and needs to remain a valid json file post updates prior to the installation.
The settings are grouped into sections, each addressing settings which may or may not require configuration, depending on your specific installation. The following subsections in this chapter describe each section of the Inputs.json file.
The parent node is the āinputsā section. This section appears as follows:
Each section has parameters you can adjust to configure your installation. An example section is shown below, with an explanation for how it works:
Each (1) Section (āInstallTypeā in this example) includes various (2) Settings (āNewā in this example) to configure.
For each (A) Setting (āUpgradeā here), you can edit the (B) text in quotations (āNā here to indicate āNoā) to configure the settings for your installation. This might include adding a file path, user name, password, or simply a āYā or āNā depending on the field you are configuring.
The first section under the parent node is the Install Type. See the following section for details on configuring your install type, with the remaining sections following in the order they appear in the Inputs file.
4.2 Install Type
Use the āInstallTypeā section to determine if this is a new installation, or an upgrade for an existing system:
Setting | Description |
|---|---|
New | Determine whether this is a new installation. For new installations this should be a āYā value. |
Upgrade | Determine whether this is an upgrade for an existing application. For new installations this should be a āNā value. |
4.3 Install Components
The āComponentsā section allows you to determine which components to include with this installation. To include a component with your installation, be sure to assign the component a āYā value on the corresponding line.
Setting | Description |
|---|---|
APP | Include the ATIPXpress PAL Application in this installation procedure. This should be a āYā value for new installations. |
DB | Include the ATIPXpress PAL Database in this installation procedure. This should be a āYā value for new installations. |
4.4 Application and Scheduler
The āAPPANDSCHEDULERā section has settings related to the ATIPXpress PAL application and scheduler installations. A value must be set for all values in this section to successfully install the application:
Note: any files paths specified must have two backslashes where a path in windows explorer requires a single backslash.
Setting | Description |
|---|---|
InstallLocation | Specify a path for the application installation. Note this must be a file path for the .json file the execute. |
Setting | Description |
|---|---|
BackupLocation | Specify a path for the application backup location. Note this must be a file path for the .json file the execute |
SSLCert | The following lines contain the SSL Certificate information. No data is required on this line. This is the grouping for SSL Certification settings to be used for the installation. |
CertPath | Specify a path where the .pfx certificate file is located. Note this must a file path for the .json file to execute |
CertPassword | Enter the password associated with the certificate linked in the āCertPathā field |
PALSSLCert | The following lines contain the PAL SSL Certificate information |
SSLPort | The network port designated for PALās secure communications using SSL |
DnsName | DNS name associated with the PAL application |
PALConfigSSLCert | The following lines contain the PAL Configuration SSL Certificate information |
SSLPort | The network port designated for PAL Configuration to communicate securely using SSL |
DnsName | DNS name associated with PAL Configuration |
AppPool | Enter the name of the application pool associated with your ATIPXpress application, |
4.5 Database Settings
The āDBā section contains the settings for installing or upgrading your ATIPXpress PAL database. In case of a new installation, an agent account will be created.
Setting | Description |
|---|---|
DBServer | Name assigned to the server responsible for storing, retrieving, and managing ATIPXpress data |
DBName | Name given to the specific database used for ATIPXpress |
CreaterDBUserID | Database User ID to be used for this installation. The CreaterDBUserId should have admin rights with the ability to create a new database or database object on the specified Database server |
CreaterDBUserPassword | Password associated with the account used in the āCreaterDBUserIDā field |
IntegratedSecurity | The Integrated Security property instructs the SQL Client to connect to SQL Server using Windows Authentication through the Security Support Provider Interface (SSPI). Use āYā or āNā to determine if you are using Integrated Security in this installation. |
Setting | Description |
AgentAccount | The SQL server login account to be created in case of a new database install or the login already setup for the database being upgraded |
AgentAccountPassword | The SQL server Agent Account password specified in the AgentAcount setting |
AgentAccountIntegratedSecurity | Whether integrated security should be used when connecting to the database, default is āNā |
4.6 Configuration Settings
Settings to configure the PAL Administration user details as well as the basic Organization details.
Setting | Description |
|---|---|
AdminUser | Fields to configure the PAL Administration admin user details |
FirstName | First name for the PAL Admin user |
LastName | Last name for the PAL Admin user |
Setting | Description |
|---|---|
Email ID associated with the PAL Admin user | |
Login | Login ID for the PAL Admin user |
Password | Password associated with the Login ID provided above |
Organization | Details about the organization as configured for PAL |
Name | Organization name |
Email ID associated with the organization |
5 Inputs.json Settings for PAL Upgrade
This section discusses the inputs.json settings used when upgrading an existing AX PAL environment. For information on using the inputs.json file, see the About the Inputs.json File section of this manual.
Note: Some fields that would be required for a new installation should be left as-is for an upgrade. It is important to not edit or remove these fields as this could compromise the integrity of the inputs.json file. These are described where appropriate in the following sections.
5.1 Install Type
Use the āInstallTypeā section to determine if this is a new installation, or an upgrade for an existing system:
Setting | Description |
|---|---|
New | Determine whether this is a new installation. For upgrades this should be a āNā value. |
Upgrade | Determine whether this is an upgrade for an existing application. For upgrades this should be a āYā value. |
5.2 Install Components
The āComponentsā section allows you to determine which components to include with this upgrade. To include a component with your upgrade, be sure to assign the component a āYā value on the corresponding line:
Setting | Description |
|---|---|
APP | Include the ATIPXpress PAL Application in this upgrade procedure. |
DB | Include the ATIPXpress PAL Database in this upgrade procedure. |
5.3 Application and Scheduler
The āAPPANDSCHEDULERā section only requires input in the InstallLocation and BackupLocation fields.
Note: All fields not listed above can remain as-is during an upgrade.
Setting | Description |
|---|---|
InstallLocation | Specify a path for the application installation. Note this must be a file path for the .json file the execute. |
BackupLocation | Specify a path for the application backup location. Note this must be a file path for the .json file the execute |
5.4 Database Settings
The āDBā section contains the settings for installing or upgrading your ATIPXpress database. In case of a new installation, an agent account will be created.
Note: You do not need to edit the AgentAccount fields during an upgrade, these can remain as-is.
Setting | Description |
|---|---|
DBServer | Name assigned to the server responsible for storing, retrieving, and managing ATIPXpress data |
DBName | Name given to the specific database used for ATIPXpress |
Setting | Description |
|---|---|
CreaterDBUserID | Database User ID to be used for this installation. The CreaterDBUserId should have admin rights with the ability to create a new database or database object on the specified Database server |
CreaterDBUserPassword | Password associated with the account used in the āCreaterDBUserIDā field |
IntegratedSecurity | The Integrated Security property instructs the SQL Client to connect to SQL Server using Windows Authentication through the Security Support Provider Interface (SSPI). Use āYā or āNā to determine if you are using Integrated Security in this installation. |
5.5 Configuration Settings
Settings to configure the PAL Administration user details as well as the basic Organization details.
Note: These fields can remain as-is during the upgrade.
6 Install PAL
Before you are ready to run the Install.ps1 file, review the steps below to verify youāve completed all the steps to this point:
Make sure you have connectivity to the servers where the software is being installed.
Complete the procedures described in the PAL Installation Prerequisites section.
Download, verify, and extract the ATIPXpress PAL Installation package.
Configure the Inputs.json file for your installation.
Once the above prerequisites are complete, follow the steps below to deploy the ATIPXpress PAL Installation package.
Open Windows Powershell ISE.
Use PowerShell to navigate to the location where you extracted the installation package:
Type .\install.ps1 for either install or upgrade.
If the inputs.json file is in same location as the extracted installation files, simply click enter to execute the installation. Alternatively, if you have file in different location provide this file location, then execute the script.
7 Sync Service (PAL)
This section provides instructions to configure the ATIPXpress Sync Service (PAL) and permissions. This section is relevant only if PAL is installed on your Web server.
7.1 Public Module Database Server and Database Information
Notes:
Prior to configuring ATIPXpress Sync Service, ensure that the PAL Database has been created.
The Download Document location is with respect to the ATIPXpress Sync Service only if you are using database configuration for your Sync Service. The configured user of the ATIPXpress Sync Service should have Full Control Security permissions on the Download Document location.
The Download Document folder should be manually created on the local or remote system. Ensure that the ATIPXpress PAL application and the Download Document folder path (local or UNC) is accessible by the IIS user on the system where the ATIPXpress PAL application is installed. The path for the Download Document folder should be accessible by creating the virtual directory (DOWNLOADDOCUMENTS) on the ATIPXpress PAL application server.
The Electronic Reading Room folder should be manually created on the local or remote system. Ensure that before the IIS user accesses the ATIPXpress PAL application, the Electronic Reading Room folder path (local or UNC) is accessible to the system on which the ATIPXpress PAL application is installed. The path for the Electronic Reading Room folder should be accessible by creating the virtual directory (ELECTRONICREADINGROOMDOCUMENTS) on the ATIPXpress PAL application server.
To configure ATIPXpress Sync Service, perform the following steps:
Select Start > All Programs > AINS ATIPXpress.
Right-click ATIPXpress Sync Configuration and select Run as administrator.
The Sync Service Configuration window will appear with the fields described in the table below based on the database server type (MS SQL Server) you configured earlier. Enter the required information and click Configure. The screen below uses MS SQL Server.
Field Name | Description |
|---|---|
Server Type | MS SQL Server. |
Server Name | The title given to the server where the PAL database resides. |
Database Name | The title given to the PAL database during creation. |
Login ID | The unique identifier of the database owner (for example, ATIPAgent). |
Password | The password associated with the database owner ID. |
Dashboard | When selected, allows you to set the sync interval in number of minutes. |
Auto Merge Requester Profile | When selected, automatically merges a requesterās ATIPXpress profile data with a newly created requesterās profile in PAL. |
When Requester Address is Updated, Updated | Determines whether to update the requesterās address in PAL if it is modified in the ATIPXpress application. The system will update the address for Open, Closed, Open and Closed, or None of the requests. If the Billing/Shipping address is modified in the ATIPXpress application, the system will update the Billing, Shipping, Billing and Shipping or None of the addresses in PAL. |
SMTP Server | The title given to the SMTP server. |
SMTP Server Port No. | The number assigned to the SMTP Server port. By default, the port number is 25. |
Field Name | Description |
Reprocess Failed jobs for every | How often and at what interval failed jobs will be reprocessed. The field specifies a unit of time and frequency (how often the reprocess has to be invoked). If the process fails, it automatically is reprocessed. |
Send E-mail Alert for every | A time interval to send an email alert for failed jobs. |
Sync Service Interval (Mins.) | The time gap after which the synchronization process starts again and will process all jobs within the queue. Effectively, this is the sleep time between which the synchronization service stops and resumes another cycle of the sync process. When the sync process starts, the ATIPXpress PAL database is updated with the latest requesters and request information. If the sync process interval time is more than the number of jobs to be processed in a synchronization process, the cycle will also increase, and vice versa. The sync service must be set to a number greater than zero. |
Contact Email | The electronic mail address where failed job notifications will be sent. |
Download Document Location | This location stores the requested documents where the requested delivery mode is āPAL.' This location must be on a remote system that is accessible to the ATIPXpress Sync Service. (For example: \\systemname\foldername) The Download Document Folder must be shared prior to installing the sync service so it is available for selection during the configuration process. |
Field Name | Description |
|---|---|
PAL Reading Room Location | This location stores the electronic reading room documents and must be on a remote system, which is accessible to the ATIPXpress Sync Service. |
7.2 Using the WebService to Connect to PAL
Using the WebService to connect to PAL does not require database access. However, you must configure the WebService in IIS to have a successful connection.
Note: The below steps should be taken on the server where PAL is configured.
Click Start > Administrative Tools > Internet Information Services (IIS) Manager.
Expand Start Page > Sites > PALConfig and select the WebServices folder.
Double-click Authentication in the middle pane and enable Windows Authentication.
Click the WebServices folder on the Connections pane to return to the WebServices Home screen.
Right-click the PALConfig node and select Edit Bindings.
Add the HTTP Secure Socket Layer port assignment. Click Add. The Add Site Binding window appears.
Select https from the Type dropdown menu.
Select the SSL Certificate provided in the drop-down list. For example, WMSvcTW-AINSDOCSAX.
Click OK to retain the settings or click Cancel to exit from the Site Bindings window.
7. Add the SSL Certificate. If a certificate is not available in the SSL Certificate drop-down list:
a. Select the Start Page (name of the server).
b. Click the Server Certificates option in the middle pane.
Click Create Certificate Request in the Actions pane. For further instructions, go to http://technet.microsoft.com/en-us/library/cc732906.aspx.
Click Complete Certificate Request in the Actions pane. For further instructions, go to http://technet.microsoft.com/en-us/library/cc771816.aspx.
8. Configure SSL Settings:
a. Double-click SSL Settings.
b. Select the Require SSL checkbox.
c. Accept client certificates.
d. Click Apply in the Actions pane.
9. Click the PALConfig node in the Connections pane to return to the home page.
10. Click the Connect PAL Using WebService option on the ATIPXpress Sync Service Configuration window.
Note: This should be done on the server where the ATIPXpress Sync Service is installed.
Provide the PAL WebService URL in the URL field. For example:
https://palserver/webservices/syncservice.svc.
Note: The palserver portion of the URL above needs to reflect your PAL server name.
Enter the Windows Login ID and Password for the PAL Server.
Enter the required information, and click Configure.
A confirmation message appears once the information is accepted. Click OK.
7.3 ATIPXpress Failed Requests and Requesters
Within the ATIPXpress Sync. Service Configuration window, you can view the number of ATIPXpress failed requests and requesters, and Public Access Link failed requests and requesters. Based on this information, you can take an appropriate action, such as retrying failed jobs. These fields are represented as links that will be enabled only when there are failed requesters and/or requests of ATIPXpress and/or PAL respectively. You must click the links on the bottom-left of the ATIPXpress Sync Service Configuration window in order to view the failed jobs.
After clicking the ATIPXpress Failed Requesters/Requests link the ATIPXpress Failed Requests window appears.
To retry the failed requests/requesters, select the checkbox for each job and click Retry.
Note: All failed jobs will be sent to the sync service.
To view the details of the failed jobs, select a job and click View or double-click the selected job.
To export failed jobs to a log file, click Export Failed Jobs to Log.
7.4 Public Access Link Failed Requests and Requesters
You must click the links on the bottom-right of the ATIPXpress Sync Service Configuration window to view the failed jobs.
Note: The below screenshots show the Public Access Link Failed Requests screens, however, the Public Access Link Failed Requesters screens look very similar.
After clicking the Public Access Link Failed Requesters/Requests link, the Public Access Link Failed Requests window appears.
To retry the failed requests/requesters, select the checkbox for each job and click Retry. All failed jobs will be sent to the sync service.
To view the details of the failed jobs, select an ID and click View or double-click the selected job.
To export failed jobs to the log file, click Export Failed Jobs to Log.
8 Required Privileges for ATIPXpress PAL Application Server
The following section lists the directories that are relevant to ATIPXpress PAL as well as the level of permissions that should be applied to these directories.
8.1 Required Permissions for Network Service User (ASP.NET Process Identity)
On a Web server running Microsoft Windows Server 2016/2019/2022 and Internet
Information Services (IIS) 7.5/8/10, the ASP.NET process runs in the application pool for the Web application. ATIPXpress PAL setup will set the application pool identity as NETWORK SERVICE account by default.
The file and folder permissions listed in table below must have the ASP.NET Process Identity of ATIPXpress PAL Web application (Network Service User/configured impersonate user).
Location | Access type | Comments |
|---|---|---|
%SystemRoot%\Microsoft. NET\ Framework\versionNumber \ Temporary ASP.NET Files | Read, List Folder Contents, Read & Execute, Write | This is the location for dynamically compiled files. Beneath this location, application code generation takes place in a discrete directory for each application. |
%SystemRoot%\assembly | Read, List Folder Contents, Read & Execute | This is the location of the global assembly cache (GAC). |
%SystemRoot%\System32 | Read, List Folder Contents, Read & Execute | This location contains system DLLs loaded by .NET Framework. |
Location | Access type | Comments |
|---|---|---|
%SystemRoot%\Temp | Full Control | This location is used for Web services support. |
User profile directory | Read, List Folder Contents, Read & Execute, Write | This directory is used by the GAC cache lock files and the security configuration caching mechanism of the common language runtime. If the user profile directory for the account does not exist, ASP.NET uses the default user profile directory. |
Electronic Reading Room Documents Location | Read, List Folder Contents, Read & Execute, Write | All ATIPXpress PAL electronic reading room documents are stored in this location. |
Download Documents Location | Read, List Folder Contents, Read & Execute, Write | All ATIPXpress PAL download documents are stored in this location. |
Inetpub\wwwroot\ PublicAccessLink\PAL\imag es | Modify, Read & Execute, List Folder Contents, Read, Write | This location stores the images of the PAL website. |
Inetpub\wwwroot\ PublicAccessLink\PALConfi g\ images | Modify, Read & Execute, List Folder Contents, Read, Write | This location stores the images of PAL Config website. |
Location | Access type | Comments |
|---|---|---|
Inetpub\wwwroot\ PublicAccessLink\ PALConfig\App_Data | Modify, Read, & Execute, List Folder Contents, Read, Write | This location contains dictionary file information |
Program Files\PAL\pallog.txt -OR- Program Files (x86)\PAL\pallog.txt | Modify, Read & Execute, List Folder Contents, Read, Write | This file records the error log information for PAL. |
Program Files\PAL\Errorlog.txt -OR- Program Files (x86)\ PAL\Errorlog.txt | Modify, Read & Execute, List Folder Contents, Read, Write | This file records the error log information for PortalXpress |
Note: If file repository folders (Download Documents and Electronic Reading Room document locations) are located on another server other than the ATIPXpress PAL application server, set the required security and sharing permissions for the ATIPXpress PAL application server account (network service user). Example: palserver$.
The File Repository folder located on the file server should have the Read and Write permissions for File Sharing and Full control for Security permissions. Please refer to the above screenshots to view the permissions.
8.2 ATIPXpress Sync Service Required Privileges
The following table shows which type of file and folder permissions the user must have to function properly.
Location | Access Type | Account | Comments |
|---|---|---|---|
%SystemRoot%\assembly | Read, List Folder Contents, Read & Execute | Service User | This is the location of the global assembly cache (GAC). |
%SystemRoot%\System32 | Read, List Folder Contents, Read & Execute | Service User | This location contains system DLLs loaded by the .NET Framework. |
User profile directory | Read, List Folder Contents, Read & Execute, Write | Service User | This location stores the cache files of the Sync Service. |
%SystemRoot%\Microsoft.NET \Framework\version and subdirectories | Read, List Folder Contents, Read & Execute | Service User | ASP .NET must be able to access the system assemblies referenced in the Machine.config file in the CONFIG subdirectory under %SystemRoot%\Microsoft.NET\ Framework\version. |
Location | Access Type | Account | Comments |
|---|---|---|---|
AFXWDOFL | Read & Execute, List Folder Contents and Read | Service User | All ATIPXpress original documents are stored in this location. |
AFXWERR | Full Control | Service User | All ATIPXpress electronic reading room documents are stored in this location. |
Program Files\AINS\\ ATIPXpress\bin -OR- Program Files (x86)\AINS \ATIPXpress\bin | Full Control | Service User | Installed application files will be stored in this location. |
Program Files\AINS\\Logs -OR- Program Files (x86)\AINS \Logs | Modify, Read & Execute, Read, Write | Service User | The application error log and configuration files will be stored in this folder |
Documents Download Location | Full Control | Service User | This is provided in the Sync Service configuration. If request delivery mode is set to web download, the documents will be stored in this location. |
Location | Access Type | Account | Comments |
Electronic Reading Room location | Full Control | Service User | This is provided in the Sync Service configuration. The documents published from ATIPXpress will be stored in this location. |
Notes:
The above specified Download Document Location and Electronic Reading Room Location should be the same as the location specified in the ATIPXpress Sync Service Configuration.
The folders \AFXWDOFL and \AFXWERR are the ATIPXpress File Repository folders.
The folder %SystemRoot% is the Microsoft Windows installation folder.