Using Microsoft Windows Authentication to connect to TMWSuite
5. Using Microsoft Windows Authentication to connecttoTMWSuite
By default, using TMWSuite requires two login procedures. Each procedure uses its own login/password. These procedures consist of logging in to your:
· Microsoft Windows network (Windows Authentication)
You log on to your Microsoft® Windows network by entering your Windows login/password in the User name and Password fields in the Log On to Windows dialog box that displays when you start or restart your computer.
· TMWSuite application(s) (SQL Server Authentication)
You log on to your TMWSuite application by entering your TMWSuite login/password in the User ID and Password fields in the login dialog box that displays when you start a TMWSuite application.
If you are using TMWSuite General Availability Release 2k5 R1 (build 2005.04_10.0211) or higher, you can eliminate the need for multiple login procedures by enabling Microsoft Windows Authentication to TMWSuite. This process involves linking Windows network logins to TMWSuite logins. The system will require users to log in only when they start or restart their computers. When users start a TMWSuite application they are authorized to use, the system will automatically log in to the application using the Windows login/password used to log in to the network.
Performing set up procedures 5.2
Recording your Windows logon on the server that houses yourTMWSuite database 5.2
Linking the Windows login to your user profile 5.3
Configuring the TTS50 and General Info Table settings that affect Windows Authentication 5.4
Activating Windows Authentication 5.4
[Misc] UseWindowsAuthentication 5.4
Setting the override timer 5.5
[Misc] WindowsAuthenticationPromptTime 5.5
Specifying the local INI file 5.6
Using Windows Authentication to log in toaTMWSuiteapplication 5.7
Performing set up procedures
To set up your system to use Windows Authentication to connect to TMWSuite, you must:
· Record your Windows logon on the SQL server on which your TMWSuite database resides.
· Link your Windows logon to your user profile.
· Make entries in the TTS50.ini file and General Info Table.
Recording your Windows logon on the server that houses yourTMWSuite database
You use Microsoft® SQL Server™ to record your Windows logons for your TMWSuite database. You must have system administrator authority to record Windows logons.
Note: This document provides instructions on using Microsoft SQL Management Studio. The information included here is relevant to Microsoft SQL Management Studio Version 2014 using a Windows 10 operating system. TMW does not track updates to third party applications. If you are using a later version of Microsoft SQL Management Studio and/or a different operating system, you should consult the vendor's user documentation for instructions.
1. Open Microsoft SQL Server Management Studio.
2. In the Object Explorer pane, expand the Security folder.
3. Right-click on the Login folder.
A shortcut menu opens.
4. Select New Login.
The Login-New window opens.
5. In the Login name field, enter the user's Windows log on.
Note: You must enter the user name in this format: Domain\Username. For example, TMWSYSTEMS\Jspring.
6. Click OK.
Microsoft SQL Server Management Studio adds the user logon in the Logins folder.
Linking the Windows login to your user profile
Before you use Windows Authentication with TMWSuite applications, you must link the Windows login to the user profile.
To link the profile, follow these steps:
1. In System Administration, open the User Maintenance window.
2. In the User List section, open the user’s profile in the Edit User Profiles window.
3. In the Windows Login field, enter the Windows account in this format: Domain\Username
Notes:
1. Using Windows Authentication does not change the method the system uses to locate TMWSuite’s INI files. For more information about using INI files, see the “Using INI files to configure the system” chapter of this guide.
2. The [Misc]GlobalLogon TTS50 setting is not used when UseWindowsAuthentication=Y.
4. Click Save.
The system displays a message stating, "A windows login value has been entered. This has implications on login/user configuration on SQL Server. Continue?"
5. To confirm your changes, click Yes.
Click No to close the window without saving your changes.
6. Close the Edit User Profiles window.
Configuring the TTS50 and General Info Table settings that affect Windows Authentication
The following sections describe the TTS50.ini and General Info Table settings that affect Windows Authentication. Some settings are mandatory, while others are optional.
Activating Windows Authentication
The UseWindowsAuthentication=Y setting in the [Misc] section of the TTS50.ini file activates Windows Authentication. This setting is required.
[Misc]UseWindowsAuthentication /
Applies to / TMWSuite, CRM Right, TMW.Suite Back Office, TMW.Suite Operations, Fuel Dispatch, Inventory Services
Description / This setting determines whether the system uses Windows Authentication to log in to TMW applications.
Options / · N (default)
Do not use Windows Authentication. Use TMWSuite User ID and Password to log in.
· Y
Use Windows Authentication.
Notes:
1. When you use this option, the [Misc]GlobalLogon setting in the section of the TTS50.ini file is ignored.
2. To log in to TMWSuite with Windows Authentication successfully, you must first record the user's Windows login (network login) in the following places:
3. The Windows Login field in the user’s profile
4. You must enter the login information using the DOMAIN\User format. For example: tmwsystems\Jspring.
5. The Logins folder on your SQL server that houses your TMWSuite database
· You must enter the login information using the DOMAIN\User format. For example: tmwsystems\Jspring.
· The [INIPATH] section of the TTS50.ini file, in the form UserLogin=Path to local INI file
· Your TTSlocal.ini file specifies the TMWSuite database to use and the Microsoft SQL server on which the database resides.
· If you have only one database and the TTSlocal.ini file is located in the same directory as the TMWSuite executables, you do not need to make any [INIPATH] entries in the TTS50.ini file. TMWSuite will automatically look in the TTSlocal.ini for the database location.
Setting the override timer
The override timer configures the system to pause before logging in with Windows Authentication. During this pause, you can use your TMWSuite User ID and Password to log in.
[Misc]WindowsAuthenticationPromptTime /
Applies to / TMWSuite
Description / This setting works in conjunction with the [Misc]UseWindowsAuthentication setting. This setting specifies the number of seconds the system pauses before attempting to log in using Windows Authentication. During this pause, the Windows Authenticate message displays. While the message is displayed, the user can override the Windows Authentication and log in using the traditional TMWSuite method of entering his/her login ID and password. 6/15/15 DJ: TBT FD
Options / · 3 (default)
The system pauses for three seconds.
· User-specified number of seconds
The system pauses for the number of seconds you specify.
Additional Notes / 1. An entry of 0 (zero) will not allow the user to override Windows Authentication.
2. CRM Right, TMW Back Office, and TMW Operations do not support this setting.
Specifying the local INI file
When a user logs in to a TMWSuite application, the application attempts to connect to the database specified in the applicable local INI file. An entry in the [INIPATH] section of the TTS50.ini file points to the local INI file for that user. If multiple users are using the same TTS50.ini file and accessing different databases, each user must have an entry in the [INIPATH] section of the TTS50.ini file.
If you have only one database and your TTSlocal.ini is located in the same directory as the TMWSuite executables, you do not need to make any [INIPATH] entries in the TTS50.ini file. TMWSuite will automatically look in the TTSlocal.ini for the database location.
[INIPATH] /Setting / Description /
An entry in the [INIPATH] section links a user ID to a local INI file. (The local INI, in turn, identifies the database.) The entry is in the format of userID=path to local INI file.
· If all users are using the same database and you have a local INI file named TTSlocal.ini in the same directory as the TMWSuite executables, no entries are needed in this section of the TTS50.ini file. TMWSuite will automatically look in the TTSlocal.ini for the database location.
· If users are using different databases, an entry for each user ID is required in this section.
Note: If you are recording an entry to be used with Windows Authentication, be sure to enter the Windows user ID.
Here is an example of a Windows user ID pointing to a local INI file: djese=c:\TMWSuite\Local_INIs\djese.ini
Note: There are three methods you can use to specify the local INI file:
· Adding a command line argument to the shortcut for a TMWSuite application.
· Adding an entry in the [INIPATH] section of the TTS50.ini file.
· Placing a local INI file named TTSlocal.ini to the same directory as the TMWSuite executables.
For information, see the “Using INI files to configure the system” chapter of this guide.
Using Windows Authentication to log in toaTMWSuiteapplication
To use Windows Authentication to log in to an application, follow these steps:
1. Double-click on the application’s executable file, or shortcut.
After a few moments, the TMWSuite login dialog box displays with the Windows Authentication message.
2. To log in with Windows Authentication click Yes, or wait for the timer to count down. After a few moments, the system displays the application you selected.
Note: If you want to log in using the traditional TMWSuite method, click No. The TMWSuite login dialog box will display.
If the Windows Authentication fails, the system displays a message stating, "Could not Connect. User ID or Password incorrect or not recognized." Click OK and the system will display the TMWSuite login dialog box. This allows you to use the traditional TMWSuite method to log in.
System Administration 5.5 Revised: 1/2017
TMWSuite Copyright TMW Systems, Inc. | A Trimble Company