30-3001-835 Webclient Planning and Installation Guide

Andover Continuum web.
Client
Planning and Installation Guide
for Version 1.94
© 2012, Schneider Electric
All Rights Reserved
No part of this publication may be reproduced, read or stored in a retrieval system, or

transmitted, in any form or by any means, electronic, mechanical, photocopying, recording,
or otherwise, without prior written permission of Schneider Electric.
This document is produced in the United States of America.
Andover Plain EnglishTM is a trademark of Schneider Electric.
Andover InfinetTM is a trademark of Schneider Electric.
All other trademarks are the property of their respective owners.
Title: Andover Continuum web.Client Planning and Installation Guide
web.Client Version 1.94
Schneider Electric part number: 30-3001-835
The information in this document is furnished for informational purposes only, is subject
to change without notice, and should not be construed as a commitment by Schneider Elec-
tric. Schneider Electric assumes no liability for any errors or inaccuracies that may appear
in this document.
On October 1st, 2009, TAC became the Buildings Business of its parent company Schneider
Electric. This document reflects the visual identity of Schneider Electric. However, there
remain references to TAC as a corporate brand throughout the Andover Continuum soft-
ware. In those instances, the documentation text still refers to TAC — only to portray the
user interface accurately. As the software is updated, these documentation references will
be changed to reflect appropriate brand and software changes. All brand names, trade-
marks and registered marks are the property of their respective owners.
Schneider Electric
One High Street
North Andover, MA 01845
(978) 975-9600
Fax: (978) 975-9782
http://www.schneider-electric.com/buildings
Andover Continuum web.Client
Planning and Installation Guide
30-3001-835
Version 1.94
Contents
About this Manual ................................................................. 9

What’s in this Manual ................................................................. 9
Revision History .......................................................................... 10
Related Documentation .............................................................. 10
Symbols Used .............................................................................. 11
Chapter 1 Introduction to web.Client ................................................... 13

Overview ...................................................................................... 14
web.Client Overview ................................................................... 14
web.Client User Documentation ....................................... 15
A Typical System before web.Client ........................................... 16
A Typical System Implementing web.Client ............................. 17
Differences between web.Client and CyberStation ................... 19
Chapter 2 System and Pre-Installation Requirements ........................ 21

web.Client Setup Configurations ............................................... 22
Hardware and Software Requirements for LAN System .......... 23
Hardware and Software Requirements for a Standalone System 27
Pre-Installation Microsoft Tasks ................................................ 32
Installing System Software ............................................... 32
.NET Framework 2.0 ......................................................... 32
Installing IIS on Windows Server 2008 ............................ 32
Installing IIS on Windows XP and Windows Server 2003 43
Registering File Extensions for Windows Server 2003 .... 45
Configuring IIS for Windows 7 .......................................... 45
Modifying Application Pools for Windows 7 and Windows
Server 2008 ......................................................................... 46
Registering File Extensions for Windows Server 2008 and
Andover Continuum web.Client Planning and Installation Guide 5

Windows 7 .......................................................................... 50
SSL Considerations for the IIS PC ................................... 51
Changing the Default TCP Web Port Number for the
IIS PC ........................................................................... 52
Disabling WinSock Proxy Client on Standalone System . 52
Ensuring a Domain Membership Is Selected ................... 52
Avoiding Invalid Characters in a Server Name ............... 52
Disabling Windows Automatic Updates and Windows
Firewall ............................................................................... 53
Windows 7 and User Account Control Data Redirection . 55
Chapter 3 Installing and Configuring web.Client on the IIS PC ......... 57

Overview ...................................................................................... 58
Installing web.Client on the IIS PC ........................................... 59
Creating and Initializing the Database on a Standalone
IIS PC ................................................................................. 65
Adding web.Client to an Existing Standalone Database . 72
Initializing the Database on a LAN IIS PC ...................... 74
web.Client Video System Upgrades ........................................... 77
Routing Alarms to the IIS PC on a LAN System ..................... 79
Configuring Access Permissions for web.Client Users .... 80
Configuring Your Video Servers ................................................ 81
Configuring Graphics Folders for web.Client: Windows XP and
Windows Server 2003 ................................................................. 82
Specifying a Local Folder as a Web Address .................... 82
Specifying a Network Folder as a Web Address ............... 83
Verifying Anonymous Access to Virtual Folders .............. 86
Configuring Graphics Folders for web.Client: Windows Server
2008 and Windows 7 ................................................................... 87
Setting Up an Application for Graphics on Windows Server
2008 and Windows 7 .......................................................... 87
Giving Everyone Access to Graphics Files on Windows Server
2008 and Windows 7 .......................................................... 94
Establishing Pinpoint Folders ................................................... 98
Configuring DCOM Default Security Settings ......................... 100
Configuring Default Launch and Access Permissions ..... 100
Disabling HTTP Keep-Alives ..................................................... 103
Resetting Timeout and Live Events Via web.config File .......... 103
Inactivity Timeout ............................................................. 104
Live EventView .................................................................. 104
6 Schneider Electric
Establishing SSL Support for Confidential Information .......... 105
Using SSL Online Documentation .................................... 105
Changing IE Security Internet Options to Accommodate
SSL ...................................................................................... 108
Enabling SSL for web.Client ............................................. 109
Setting Up SSL for web.Client Pinpoint ........................... 109
Changing the Default TCP Port Number .................................. 112
Chapter 4 Testing and Installing web.Client on a Client PC .............. 115

Overview ...................................................................................... 116
Testing Access to and Installing web.Client
on a Client PC ............................................................................ 116
Before Getting Started ....................................................... 117
Launching Internet Explorer in Windows 7 ..................... 118
Installing the web.Client Utilities Control ....................... 119
Installing Microsoft .NET Framework 2.0 ....................... 120
Installing web.Client Pinpoint .......................................... 121
If your IIS PC Uses IIS 6.0 and Windows Server
2003, Windows Server 2008, or Windows 7 ............... 122
Installing the Video Layout Control and .NET
Framework 3.5 ................................................................... 122
Setting Browser “Zone” Permissions for .NET Framework 124
Download and Install .NET Framework SDK 2.0 ..... 124
Run the Microsoft Code Access Security Policy Tool . 125
Server Proxy Applications ................................................. 126
Logging Out of web.Client .......................................................... 127
Chapter 5 Using web.Client to Set Up Your Organization .................. 129

Overview ...................................................................................... 130
Example: Building a Security Management System ....... 130
web.Client Security Basics ......................................................... 131
Testing web.Client Security .............................................. 133
Scenario 1: A Single-Building Company .................................... 134
How Is the Company Physically Divided? ........................ 134
Who Are the Users? ........................................................... 135
What Are the Security Levels? .......................................... 136
Setting Up web.Client in CyberStation ............................ 136
Scenario 2: A Global Company ................................................... 137
What Are the Company Personnel Groups? ..................... 137

Where Are the Company Facilities Located? ................... 138
Who Are the Users? ........................................................... 138
What Are the Security Levels? .......................................... 139
Setting Up web.Client in CyberStation ............................ 140
Appendix A web.Client Security and Troubleshooting Tips ................. 141

Tips .............................................................................................. 142
Tip 1 - Ensuring Full System Access for at Least One
User .............................................................................. 142
Tip 2 - Placing PIM Files in a Single Folder .............. 142
Tip 3 - Applying Security to non-web.Client Folders 143
Tip 4 - Verifying DCOM Is Enabled ........................... 144
Tip 5 - Enabling the Default Document .................... 144
Tip 6 - Understanding Security Ramifications for IIS
Applications ................................................................. 145
Tip 7 - Be Sure that IIS Is Installed before .NET
Framework ................................................................... 146
Tip 8 - Changing IIS / Windows Server 2003 Resource
Recycle Time ................................................................ 146
Appendix B web.Client Applications that Are Installed ......................... 149

Installed Applications ................................................................. 150
Appendix C Guidelines for Upgrading to Version 1.94 .......................... 151

Upgrade Guidelines .................................................................... 152
Appendix D SQL Express Installation Error Messages ......................... 155

Overview ...................................................................................... 156
SQL Express Installation Error Messages ................................ 157
About this Manual
What’s in this Manual

z Introduction to web.Client
z System and Pre-Installation Requirements
z Installing and Configuring web.Client on the IIS PC
z Testing and Installing web.Client on a Client PC
z Using web.Client to Set Up Your Organization
z web.Client Security and Troubleshooting Tips
z web.Client Applications that Are Installed
z Guidelines for Upgrading to Version 1.94
z SQL Express Installation Error Messages

About this Manual
Revision History
This manual documents web.Client, Version 1.94..
Revision History
Document Revision Software Version Date
1.94 1.94 March 2012
1.93 1.93 March 2011
1.92 1.92 December, 2010
1.91 1.91 February, 2010
1.9 1.9 August, 2008
1.82 1.82 January, 2008
1.81 1.81 June, 2007
1.8 1.8 December, 2006
1.74 1.74 August, 2006
1.73 1.73 January, 2006
1.71 1.71 May, 2005
1.7 1.7 December, 2004
1.62 1.62 March, 2004
1.6 1.6 August, 2003
1.52 1.52 December, 2002
1.5 1.5 October, 2002
Related Documentation
For additional or related information, refer to these documents.
Related Documents
Document
Document Number
Andover Continuum CyberStation Installation Guide 30-3001-720
CyberStation Access Control Essentials Guide 30-3001-405
CyberStation HVAC Essentials Guide 30-3001-1000
web.Client online help (Version 1.94)
About this Manual
Symbols Used
The Notes, Cautions, Warnings, and Hazards in this manual are
defined, as follows.
Note: Notes contain additional information of interest to the user.
CAUTION
Type of hazard
How to avoid hazard.
Failure to observe this precaution can result in injury or equipment
damage.
WARNING
Type of hazard
Failure to observe this precaution can result in severe injury.
DANGER
ELECTRIC SHOCK HAZARD
Failure to observe these instructions will result in death or serious
injury.

About this Manual
Chapter 1
Introduction to web.Client
This chapter contains the following topics:
z web.Client Overview
z web.Client User Documentation
z A Typical System before web.Client
z A Typical System Implementing web.Client
z Differences between web.Client and CyberStation

Chapter 1: Introduction to web.Client
Overview
This manual provides you, the system administrator, with general
information for planning, installing, and configuring your Andover
Continuum web.Client system, version 1.94.
CAUTION
This manual is for system administrators.
To use the installation and setup procedures in this manual you must be a system
administrator with experience in setting up a web server. You must also have
experience using Microsoft system software and understand that there are graphical
user-interface differences between the different Windows platforms. For detailed
information about Microsoft software, please see your Microsoft Windows online help
and visit www.microsoft.com and other Microsoft web sites.
Failure to observe this precaution can result in incorrect system
configuration.
Note: The procedures in this manual presume you and your users are installing or
upgrading to web.Client version 1.94. You must meet the software and
hardware requirements compatible with version 1.94. Refer to Chapter 2,
System and Pre-Installation Requirements.
web.Client Overview
web.Client is an application that provides you with web-enabled access
everywhere, all the time. By using a standard browser, your authorized
personnel can access the Continuum facility management system in
real time across your site’s local area network (LAN) or across your
wide-area network (WAN).
web.Client is either added to a LAN Andover Continuum CyberStation

system or installed with a standalone CyberStation on a single PC.
With the basic web.Client Personnel Manager option, your users can:
z Create, search for, edit, and delete personnel records

z Change employee access privileges
z View a person’s access events
z View and generate reports of all access events, including area

access events, access events by persons, and distribution-event
transactions via the Access Distribution View
z Edit and view schedules and calendars.
z Change a password.
With the advanced web.Client Pro option, your users have all the
features of the basic web.Client Personnel Manager option as well as
the following additional features:
z Create, run, and view graphical reports (class object Report),

including bar charts, pie charts, trend charts, text reports, and so
on.
z List and view graphics and groups
z View live system alarms and live events
z View live video, as well as search for and view recorded video, via
the class object, VideoLayout.
z Search for web.Client objects by exploring a folder tree hierarchy or
a network/device tree hierarchy, or by using a text search engine
z Edit and view Loops and TrendLogs.
For complete information about any of these features, please see the
web.Client online help.
web.Client User Documentation

Extensive online help is available within the web.Client application
browser window. Click the question mark button. This button appears
at the top of every web.Client screen. The online help covers all of the
major features in the web.Client user interface.

A Typical System before web.Client

The following illustration shows how your Continuum system is used
before web.Client.
A Continuum system without web.Client consists of a database server

and high powered, dedicated workstations. Also note that all
administration must be performed at one of the dedicated
workstations.
The following illustration shows what the administration of the typical

system would entail. In this security example, a single administrator is
responsible for assigning all security privileges for engineering and
manufacturing personnel.
A Typical System Implementing web.Client

Illustrations on the next page show how your system is utilized when
web.Client is added to a Continuum system. As shown in the second
illustration, a web.Client local area network (LAN) system consists of:
z A database server
z Dedicated workstations for configuration
z A dedicated web.Client application server
z PCs running Internet Explorer 8.0 or 9.0 connecting web.Client
Note: You will be installing either a web.Client for a LAN system or a standalone
with web.Client. A LAN system has two servers: a database server and a
web.Client application server. In a standalone system, the database and
web.Client application reside on one server. Chapter 2, System and Pre-
Installation Requirements, provides detailed requirements for both systems.
You can delegate security tasks to authorized personnel who then

assign security privileges for their departments (in this case,
engineering and manufacturing personnel).
You use the dedicated workstation, and the authorized personnel use
web.Client on their own computers.
In the administration of a web.Client system, for example, you would

be responsible for assigning privileges to engineering and
manufacturing designees, who in turn are responsible for assigning all
security privileges for engineering and manufacturing personnel.
Similarly, you could grant access rights to:
z An employee to adjust the temperature after viewing current

conditions
z A coordinator to schedule a conference room and activate the
lighting
z A technician to take control of an air handler during service
z A manager to search video for an incident
z A facilities manager to graphically monitor and adjust building
conditions and monitor alarms

Differences between web.Client and CyberStation

web.Client is an extension of CyberStation. Through the convenience of
a web browser, you can view, monitor, and in some cases modify objects
and their values. (These include BACnet® objects, since CyberStation
and web.Client support the BACnet ANSI/ASHRAE standard.)
However, there are some differences between what your users can do in
web.Client vs. CyberStation. You generally use web.Client to view and
monitor objects that were defined in CyberStation. The following table
lists the levels of support offered with each major web.Client feature.
For information on web.Client features, see the web.Client online help.
web.Client Levels of Support

LEVELS OF web.Client SUPPORT
Feature View Modify Delete Create
Personnel X X X X
Schedules and Calendars X X X
Events within Events within
schedules only schedules only
Reports X X X
Areas X
Groups X
Loops X X
Graphics X
Alarms X X
Events X
Distribution Events X X X
Points and objects X X X
Except: BACnet
objects cannot be
deleted.
TrendLogs X X
Video X 1
Doors X X
Controller Web Pages X
1. Video can be modified, but not saved. For example, you can change cameras,
show/hide time, change focus, zoom, but you will lose these changes if the
page is refreshed or you open another editor.

Chapter 2
System and Pre-Installation
Requirements
z web.Client Setup Configurations

z Hardware and Software Requirements for LAN System
z Hardware and Software Requirements for a Standalone System
z Pre-Installation Microsoft Tasks
Note: Before installing or upgrading to web.Client version 1.94, be sure the

requirements outlined in this chapter are satisfied.
web.Client users must have a password to log on.

Chapter 2: System and Pre-Installation Requirements
web.Client Setup Configurations

Depending on your web.Client version 1.94 package and configuration,
you are setting up either:
z web.Client local area network (LAN) system

z A standalone “single user” system with web.Client
LAN system: The web.Client LAN system comprises a Continuum/

SQL database server and an Internet Information Services (IIS) server
dedicated to running the web.Client application. On a LAN system, the
IIS server can be a Windows XP Professional workstation, Windows
Server 2003, Windows Server 2008, or Windows 7 machine. Each
supports a different number of user connections, however. See the table
below for more details.
Standalone system: The standalone “single user” system with

web.Client comprises one PC on which the Continuum/SQL Express
database, IIS, and the web.Client application all reside. A standalone
system PC may also run Windows XP Professional workstation,
Windows Server 2003, or Windows 7.
The following table lists the maximum number of web.Client version

1.94 users per server, as well as the maximum number of
CyberStations and IIS servers, for each type of setup:
Maximum Number of web.Client 1.94 Users Per Server

Maximum Number of web.Client Users Per Server
When IIS When IIS Is When IIS is
Is When IIS Installed on installed
Installed Is Installed Windows XP on
on on Professional Windows 7
Windows Windows Workstation Number Number of
Server Server of Cyber- IIS
System 2003 2008 Stations Servers
LAN 25 25 2 2 Unlimited Unlimited
Standalone 1 2 2 2 2 1 1
1. A total of three machines (web.Client browser PCs plus CyberStations) is the maximum num-
ber allowed on a standalone system. This means the following combinations are valid: Two
web.Client connections and one CyberStation, one web.Client connection and two CyberSta-
tions, or three CyberStations (if there are no web.Client connections).
Hardware and Software Requirements for LAN System

A web.Client LAN system has two server types:
z Continuum/SQL database server

z IIS server (one for every 25 users)
If your system has no more than 25 users, select one server as the
web.Client IIS server. This IIS server should be dedicated to running
the web.Client application. For a larger LAN system (at least for any
system having more than 25 users) your site must have more than one
IIS server.
Depending on your particular LAN installation, the IIS server can be:
z Windows XP Professional workstation (maximum of two users)

z Windows Server 2003 (maximum of 25 users per IIS server)
z Windows Server 2008 (maximum of 25 users per IIS server)
z Windows 7 (maximum of two users per IIS server)

The IIS server must be on a network that can connect to the

Continuum/SQL database server. The browser PCs must be on a
network that can connect to the IIS server.
web.Client version 1.94 will upgrade any previous version on IIS

server. web.Client 1.94 includes CyberStation 1.94, and installing it
upgrades the IIS machine to 1.94. Workstations not at version 1.94
must be upgraded before installing web.Client.
See also:
z Chapter 3, Installing and Configuring web.Client on the IIS PC

z Appendix C, Guidelines for Upgrading to Version 1.94
z Andover Continuum CyberStation Installation Guide, 30-3001-720
The following table shows the hardware and software requirements for
the IIS server and the client browser on LAN systems.
Hardware Requirements for IIS Server for LAN Systems

Minimum Recommended
Intel® CoreTM 2, Duo, 1.66 GHz Quad core1
or better1, 2 2 GHz or better
2 Gb RAM or higher2 plus 5 Mb per 4 Gb RAM plus 5 Mb per connection

connection
15 Gb free space (NTFS Partition) 30 Gb free space (NTFS Partition)
CD ROM drive CD ROM drive
Video resolution: 1024 x 768 pixels Video resolution: 1024 x 768 pixels
Parallel or USB port Parallel or USB port
1. Memory and processor speed - Performance is directly related to processor

speed and RAM. Increasing hard drive size allows for growth of applications
(graphics, programs, and so on). Faster processor speeds and more RAM
available to the program will increase performance.
2 Use Recommended requirement for systems with integrated video.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5
MB of RAM on the IIS server. (For example, two browser PCs connected to the
IIS server accessing web.Client use 10 MB of RAM on the IIS server. For this
configuration, Schneider Electric recommends a minimum of 512 MB plus 10
MB (used by the two PCs) or a minimum of 522 MB of RAM on the IIS Server.)
The following table shows the video-specific hardware requirements for

the IIS server on LAN systems.
Video-Specific Requirements
Minimum Recommended
100 Mbps network port 1 Gb network port
Graphics card with DirectX 9.x or later DirectX 10 graphics device with WDDM
with 256 Mb of dedicated RAM 1.0 or higher driver with 512 Mb of
dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces.
Per standard Pelco Endura video configuration, you should configure stream 2. When
doing so, be sure to set a lower resolution and smaller frame rate. Otherwise, the
performance of your PC may be negatively affected. Be aware that Andover
Continuum only supports H.264 and MPEG4 video formats.
The following software is recommended for LAN systems.
Software for LAN Systems

Tested & Supported Software for LAN Systems1
Server Microsoft Windows XP Professional workstation (SP3)
OR:
Microsoft Windows Server 2003 (SP2)
OR:
Microsoft Windows Server 2003 R2 (SP2)
OR:
Microsoft Windows Server 2008 using SQL 20082
OR:
Microsoft Windows Server 2008 R2 32-bit or 64-bit modes using
SQL Server 20082
OR:
Microsoft Windows 7 Professional
OR:
Microsoft Windows 7 Ultimate
Browser For Windows XP and Server 2003: Internet Explorer 8.0 or
Internet Explorer 9.0
For Windows 7: Internet Explorer 8.0 or Internet Explorer 9.0
Note: Be aware that web.Client only supports the 32-bit

version of Internet Explorer.
Internet IIS:
Microsoft Windows XP: IIS 5.0
Microsoft Windows Server 2003: IIS 6.0
Microsoft 7: IIS 7.0

Software for LAN Systems

Tested & Supported Software for LAN Systems1
CyberStation Andover Continuum CyberStation Version 1.94
Database SQL Server 2000 (SP4)
OR:
SQL Server 2005 (SP3)
OR:
SQL Server 2008 (SP1)
OR:
SQL Server 2008 R2
When you are prompted to select an authentication mode, select

Mixed Mode. For more information, please see the Andover
Continuum CyberStation Installation Guide, 30-3001-720.
Network TCP/IP
protocol
Other Microsoft .NET Framework version 2.0
AND:
Microsoft .NET Framework version 3.5 (SP1)
Windows Installer 3.1
1. Internet Explorer, IIS, and TCP/IP are included with the Microsoft operating systems.
Upgrades and service packs are available free of charge from Microsoft’s web site,
www.microsoft.com.
2. No CyberStation or webClient software installed.
The following table shows the Browser PCs that are recommended for
LAN systems.
Browser PCs for Users on a LAN System

Tested & Supported Browser PCs for Users on a LAN System
Hardware Software
The video feature requires network access The client browser PC on a LAN system
to a digital video recorder. This may can be running one of the following:
require you to open port 18772 or
establish a Virtual Private Network z Windows XP Professional (SP3)
(VPN) connection if there is a firewall.
z Windows Server 2003 (SP2) or
Windows Server 2003 R2 (SP2)
z Windows 7 Professional or Windows
7 Ultimate
For Windows XP and Windows Server
2003:
Internet Explorer 8.0 OR Internet

Explorer 9.0
For Windows 7: Internet Explorer 8.0 or

Verify IE defaults are enabled for:

Cookies and JavaScript
Hardware and Software Requirements for a

Standalone System
On a single-user standalone system with web.Client, the Continuum
SQL Express database, IIS, and the web.Client application are all
installed on one Windows XP Professional workstation, one Windows
Server 2003, or one Windows 7 machine.
Note: The standalone system can accommodate two user connections (browser PCs).
If you require more than two users, then you must upgrade to a LAN system
with Windows Server 2003 (maximum 25 users).
web.Client version 1.94 will upgrade any previous version’s IIS server.
web.Client 1.94 includes Cyberstation 1.94, and installing it upgrades
the IIS machine to 1.94. Workstations other than the IIS server that

are not at version 1.94 must be upgraded before installing web.Client.

(Refer to the Andover Continuum CyberStation Installation Guide, 30-
3001-720, for upgrade procedures.)
See also:
z Chapter 3, Installing and Configuring web.Client on the IIS PC

z Appendix C, Guidelines for Upgrading to Version 1.94
z Andover Continuum CyberStation Installation Guide, 30-3001-720
The following table lists hardware and software requirements for the
IIS workstation and the client browser on standalone systems.
Hardware Requirements for Standalone Systems

Minimum Recommended
Intel® CoreTM 2, Duo, 1.66 GHz Quad core1
or better1 1, 2 2 GHz or better
2 Gb RAM or higher2 4 Gb RAM
15 Gb free space 30 Gb free space

CD ROM drive CD ROM drive
Video resolution: 1024 x 768 pixels Video resolution: 1024 x 768 pixels
Parallel or USB port Parallel or USB port
1. Memory and processor speed - Performance is directly related to processor

speed and RAM. Increasing hard drive size allows for growth of applications
(graphics, programs, and so on). Faster processor speeds and more RAM
available to the program will increase performance.
2. Use Recommended requirement for systems with integrated video.
Note: Every connection to the IIS server by a browser PC accessing web.Client uses 5
MB of RAM on the IIS server. For example, two browser PCs connected to the
IIS server accessing web.Client use 10 MB of RAM on the IIS server. In this
configuration, Schneider Electric recommends a minimum of 512 MB plus 10
MB (used by the two PCs) or a minimum of 522 MB of RAM on the IIS Server.)
The following table shows the video-specific hardware requirements for

the IIS workstation on a standalone system.
Video-Specific Requirements
Minimum Recommended
100 Mbps network port 1 Gb network port
Graphics card with DirectX 9.x or later DirectX 10 graphics device with WDDM
with 256 Mb of dedicated RAM 1.0 or higher driver with 512 Mb of
dedicated RAM
Note: Andover Continuum uses stream 2 to display video through video interfaces.
Per standard Pelco Endura video configuration, you should configure stream 2. When
doing so, be sure to set a lower resolution and smaller frame rate. Otherwise, the
performance on your PC may be negatively affected. Be aware that Andover
Continuum only supports H.264 and MPEG4 video formats.
The following table shows the software that is recommended for

standalone systems.
Software for Standalone Systems

Tested & Supported Software for Standalone Systems
Server Microsoft Windows XP Professional workstation (SP3)
OR:
Microsoft Windows Server 2003 (SP2)
OR:
Microsoft Server 2003 R2 (SP2)
OR:
Microsoft Windows Server 2008 using SQL 20081
OR:
Microsoft Windows Server 2008 R2 32-bit or 64-bit modes using
SQL Server 20081
OR:
Microsoft Windows Windows 7 Professional
OR:
Microsoft Windows 7 Ultimate
Browser For Windows XP, or Windows Server 2003: Internet Explorer 8.0
OR Internet Explorer 9.0
For Windows 7: Internet Explorer 8.0 or Internet Explorer 9.0
Note: Be aware that web.Client only supports the 32-bit

version of Internet Explorer.
Internet IIS:
Microsoft Windows XP: IIS 5.0
Microsoft Windows Server 2003: IIS 6.0
Microsoft Windows 7: IIS 7.0

Software for Standalone Systems (continued)

Tested & Supported Software for Standalone Systems
CyberStation Andover Continuum CyberStation Version 1.94
Database SQL Express database engine with the Continuum database
(SP4)
Note: If you are upgrading version 1.94, your database engine is

automatically upgraded to SQL Express, if SQL Express is
not already installed. (See also Chapter 3, Installing and
Configuring web.Client on the IIS PC , Appendix C,
Guidelines for Upgrading to Version 1.94,.and the
Microsoft web site).
Network TCP/IP
protocol
Note: Internet Explorer, IIS, and TCP/IP are included with the
Microsoft operating systems. Upgrades and service packs
are available free of charge from their web site,
www.microsoft.com.
Other Microsoft .NET Framework version 2.0
AND:
Microsoft .NET Framework version 3.5 (SP1)
Windows Installer 3.1

1. No CyberStation or web.Client software installed.
The following table shows the browser PCs that are recommended for
standalone systems.
Browser PCs for Users on a Standalone System

Tested & Supported Browser PCs for Users on a Standalone System
Hardware Software
The video feature requires network access The client browser PC on a standalone
to a digital video recorder. This may system can be running one of the
require you to open port 18772 or following:
establish a Virtual Private Network
(VPN) connection if there is a firewall. z Windows XP Professional (SP3)
z Windows Server 2003 (SP2) or
Windows Server 2003 R2 (SP2)
z Windows 7 Professional or Windows
7 Ultimate
For Windows XP, or Server 2003: Internet
Explorer 8.0 or Internet Explorer 9.0
For Windows 7: Internet Explorer 8.0 or

Verify IE defaults are enabled for Cookies

and JavaScript

Pre-Installation Microsoft Tasks

Before installing web.Client, perform the following tasks.
CAUTION
Microsoft system experience required.
To perform this standard Microsoft procedure, you must have administrative
experience using Microsoft system software and understand that there are differences
in the graphical user interfaces between different Windows platforms. User interface
illustrations are not always provided. Please see your Microsoft Windows online help
and visit www.microsoft.com and other Microsoft web sites.
configuration.
Installing System Software

Install the operating system, TCP/IP, and PC system software that
meet the requirements specified earlier in this chapter.
.NET Framework 2.0

Note: If IIS is installed after .NET Framework, you will experience problems opening
web.Client Pinpoint graphics and some web.Client editors.
To avoid this problem, be sure that IIS has been installed on the server
before Microsoft .NET Framework 2.0 is installed.
If Microsoft Windows already comes with .NET Framework 2.0, or you

have downloaded .NET Framework 2.0 separately during a Windows
upgrade before IIS is installed, run the following command:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
Installing IIS on Windows Server 2008

For Windows Server 2008, install Internet Information Services (IIS)
on the designated web.Client application server (LAN systems) or the
standalone CyberStation/web.Client workstation (standalone system).
The LAN web.Client application server and standalone CyberStation/

web.Client workstation are generically called IIS PC in this manual for
both systems.
1. Start the Server Manager by clicking in the Administrative

Tools menu.
2. In the Server Manager, go to Roles and click Add Roles.

3. In the Add Roles Wizard, Before You Begin page, click Next.
4. In the Select Server Roles page, check the Application Server

checkbox to install .Net Framework 3 as a prerequisite.

5. Click Add Required Features.
6. In the Select Server Roles page, click Next.
7. In the Application Server page, click Next.

.
8. In the Select Server Roles page, check the following checkboxes:

Web Server (IIS) Support, HTTP Activation, and Message
Queuing Activation.

An Add role services/features required dialog displays for each of

your role service selections.
9. Click the Add Required Role Services or Add Required

Features button to install additional features for Web Server
(IIS) Support, HTTP Activation, and Message Queuing
Activation.
10. In the Select Role Services page, click Next.

11. In the Web Server (IIS) page, click Next.
12. In the Select Role Services page, check the IIS 6 Management
Compatibility checkbox.
13. Click Next.
14. In the Confirm Installation Selections page, click Install to

verify your selections.

An Installation Progress page displays with information on the

roles, role services, or features being installed.
15. When the Installation Results page displays, click Close.
Installing IIS on Windows XP and Windows Server 2003

Note: If you have Windows 7, see Configuring IIS for Windows 7.
For Windows XP and Windows Server 2003, install IIS on the

designated web.Client application server (LAN systems) or the
standalone CyberStation/web.Client workstation (standalone system).
The LAN web.Client application server and standalone CyberStation/
web.Client workstation are generically called IIS PC in this manual for
both systems.
For Windows XP: Follow this procedure to install IIS 5.0:
1. From the Control Panel, open Add/Remove Programs. The

Add/Remove Programs dialog appears.
2. Select Add/Remove Windows Components. The Windows

Components Wizard (Windows Components) screen appears.
3. Check the Internet Information Services (IIS) checkbox, and

click Next to install.

4. After the Wizard completes the component-configuration process,

which may take several minutes, click Finish.
For Windows Server 2003: Follow this procedure to install IIS 6.0:
1. From the Control Panel, open Add/Remove Programs. The

Add/Remove Programs dialog appears.
2. Select Add/Remove Windows Components. The Windows

Components Wizard (Windows Components screen) appears.
3. Check the Application Server checkbox.
4. Select and highlight Application Server, and click the Details

button. The Application Server dialog appears.
5. Check the following checkboxes: ASP.NET, Application Server

Console, Enable network COM+ access, and Internet
Information Services (IIS).
6. In the Application Server dialog, select and highlight Internet

Information Services (IIS) and click the Details button. The
Internet Information Services (IIS) dialog appears.
7. Check the following checkboxes: Common Files, Internet

Information Services Manager, and World Wide Web
Service.
8. In the Internet Information Services (IIS) dialog, select and

highlight World Wide Web Service, and click the Details button.
The World Wide Web Service dialog appears.
9. Check the following checkboxes: Active Server Pages, Internet

Data Connector, Server Side Includes, WebDAV Publishing,
and World Wide Web Service.
10. Click the OK button back through all three dialogs.
11. Click Next in the Wizard’s Configuring Components screen. A

progress bar appears on this screen during the configuration
process, which may take several minutes. Please wait.
12. After the Wizard completes the component-configuration process,

click Finish.
Registering File Extensions for Windows Server 2003

If you have Windows Server 2003, you must also register the .PIN and
.EMF file extensions in the IIS MIME Types (for web.Client Pinpoint
graphics).
After IIS installation on Server 2003, follow this procedure:
1. From the Control Panel, double click and open Administrative

Tools. The Administrative Tools dialog appears.
2. Double click and open Internet Information Services (IIS)

Manager. The Internet Information Services (IIS) Manager
dialog appears.
3. In the tree, right click on the machine name, and select Properties
from the popup menu. The Properties dialog appears.
4. Click the MIME Types button. The MIME Types dialog appears.
5. Click the NEW button. The MIME Type dialog appears.
6. In the Extension field, enter .pin and in the MIME type field,
enter pinfiles/plain.
7. Click OK and repeat steps 5 and 6, but in the Extension field,

enter .emf and in the MIME type field, enter image/emf.
8. Click OK three times back through the dialogs.
9. Restart your machine, follow the other pre-installation tasks, and

follow the installation procedures in Installing and Configuring
web.Client on the IIS PC and Testing and Installing web.Client on
a Client PC.
Configuring IIS for Windows 7

If you are installing web.Client on Windows 7, you must configure IIS
settings, as follows.
1. From the Control Panel, open Programs and Features.
2. Under Tasks on the left, click Turn Windows features on or off.

3. In the Windows Features (Turn Windows features on or off)

dialog, in the tree, expand Internet Information Services.
4. Under Internet Information Services, expand Web

Management Tools, then expand IIS 6 Management
Compatibility.
5. Check only the following checkboxes: IIS 6 Management

Console, IIS Metabase and IIS 6 configuration
compatibility, and IIS Management Console. Other checkboxes
must be cleared.
6. Under Internet Information Services, expand World Wide

Web Services, then expand Application Development
Features, Common Http Features, Health and Diagnostics,
Performance Features, and Security.
7. Check only the following checkboxes: .NET Extensibility,

ASP.NET, ISAPI Extensions, ISAPI Filters, Default
Document, Directory Browsing, HTTP Errors, Static
Content, HTTP Logging, Request Monitor, Static Content
Compression, Request Filtering, and Windows
Authentication. Other checkboxes must be cleared.
8. Click OK.
Restart your machine, follow the other pre-installation tasks, and

web.Client on the IIS PC and Testing and Installing web.Client on a
Client PC.
Modifying Application Pools for Windows 7 and Windows

Server 2008
After IIS installation and configuration on Windows 7 and Windows
Server 2008, follow these procedures to modify Application Pools in
order for web.Client to run:
1. Open IIS Manager.
2. Expand the computer name in the left-hand pane and click on

Application Pools in the system tree view.
3. Select DefaultAppPool and click Set Application Pool Defaults.
4. In the Application Pool Defaults dialog box, select Identity under

Process Model.
5. When the selection control appears in the second column, click this
button.

6. In the Application Pool Identity dialog box, select Network Service

in the dropdown menu under Built-in account.
7. Click OK.
8. Then, click OK once more in the Application Pool Defaults dialog

box.
Perform the following steps for 64-bit Systems only:
1. Open IIS Manager.
2. Expand the computer name in the left-hand pane and click on

Application Pools in the system tree view.
3. Select DefaultAppPool and click Advanced Settings.
4. In the Advanced Settings dialog box, change the Enable 32-bit

Applications option to True.
.

Registering File Extensions for Windows Server 2008 and

Windows 7
If you have Windows Server 2008 and Windows 7, you must also
register the .PIN and .EMF file extensions in the IIS MIME Types (for
web.Client Pinpoint graphics).
After IIS installation and configuration on Windows Server 2008 and

Windows 7, follow this procedure:
1. Access Internet Information Services (IIS) Manager.
2. In the Connections tree, select the machine name.
3. In the content pane, under IIS, double click MIME Types. The
Add MIME Type dialog appears.
4. Under Actions, click Add.
5. In the File name extension field, enter .pin.
6. In the MIME type field, enter pinfiles/plain.
7. Click OK and repeat Steps 4, 5, and 6, but in the File name

extension field, enter .emf and in the MIME type field, enter
image/emf.
8. Click OK.
9. Restart your machine, follow the other pre-installation tasks, and

web.Client on the IIS PC and Testing and Installing web.Client on
a Client PC.
SSL Considerations for the IIS PC

The tasks described below are not necessarily pre-installation tasks,
but they are related to establishing support for SSL on the IIS PC. For
detailed instructions, please use the reference links below.
Setting Up SSL on the IIS PC -- web.Client version 1.74 (and higher)

fully supports Secure Sockets Layer (SSL) technology, whereby a
web.Client user can access confidential, secure information over the
Internet. As a system administrator, you must ensure that an SSL
Certificate, acquired by an authorized SSL provider, resides on the IIS
PC. You can set up SSL before or after web.Client installation. For
instructions, please see Establishing SSL Support for Confidential
Information in Chapter 3.
Enabling SSL for web.Client -- After you have set up an SSL

Certificate for the IIS PC, you must enable SSL for web.Client via
web.Client Properties in Internet Information Services. For
instructions, please see Enabling SSL for web.Client in Chapter 3.
SSL and web.Client Pinpoint Graphics -- The graphics package,

web.Client Pinpoint, can be used with an SSL installation. However,
you must perform a few tasks to ensure compatibility with Pinpoint
and ensure access to graphics files that have been set up in the
Pinpoint graphics folders. This is not a pre-installation task. You must
first establish Pinpoint graphics folders (Chapter 3) and set up an SSL
Certificate on the IIS PC. For instructions, please see Setting Up SSL
for web.Client Pinpoint in Chapter 3.
Changing IE Internet Security Options to Accommodate SSL --

After you have set up an SSL Certificate for the IIS PC, you must
modify Internet Explorer Internet Options to disable superfluous
warning messages that users would otherwise see while using certain
web.Client features with SSL. This is not a pre-installation task. For
instructions, please see Changing IE Security Internet Options to
Accommodate SSL in Chapter 3.

Changing the Default TCP Web Port Number for the IIS PC
Normally, the IIS PC defaults to Internet TCP port 80. Some Internet-
access providers do not use port 80. You can change this port number
from 80 to another port number. This can be done before or after
web.Client installation. For more information, please see Changing the
Default TCP Port Number in Chapter 3
Disabling WinSock Proxy Client on Standalone System

To improve performance on a single-user standalone system, disable
the Microsoft WinSock Proxy Client. Follow this procedure:
1. From the Windows Control Panel, double click WSP Client. The
Microsoft WinSock Proxy Client dialog appears.
2. Remove the check from the Enable WinSock Proxy Client

checkbox, and click OK.
Ensuring a Domain Membership Is Selected

To improve performance (if your site has more than one web.Client
user), be sure each PC (computer name) is designated as a member of a
domain, rather than a workgroup, via the Microsoft Windows system
properties network identification.
Note: After installing web.Client, be sure you configure Distributed COM (DCOM)
default security settings and disable HTTP keep-alives. For those Microsoft
procedures, see Chapter 3, Installing and Configuring web.Client on the IIS
PC. See also Appendix A, web.Client Security and Troubleshooting Tips for
troubleshooting tips.
Avoiding Invalid Characters in a Server Name

When specifying a name for the web.Client IIS server, be sure the
server name does not contain an underscore character (_). If the
web.Client IIS server has an underscore, such as http://
www.boston.com/yourtown/news/malden/2010/05/
planning_board_gives_green_lig.html, it will not be able to set cookies.
Disabling Windows Automatic Updates and Windows Firewall

It is mandatory that you turn off Automatic Windows Updates for all
Windows operating systems. To do so, access the Automatic Updates
through the Control Panel and ensure that they are disabled.
You should also ensure that you disable Windows Firewall for all
Windows operating systems. For Windows Server 2008 and Windows 7,
follow these instructions:
1. In the Control Panel, click System and Security and then

Windows Firewall.
2. Disable all three Windows firewalls: Domain, Public, and

Private.
3. Select Administrative Tools and then double-click Services.
4. Double-click Windows Firewall.
5. Click Stop to disable Windows Firewall.
6. Also, in Services, locate and double-click Software Protection.

7. Click Stop to disable Software Protection.
8. In Services, locate and double-click Windows Defender.
9. Click Stop to disable Windows Defender.
10. In Control Panel, click System and Security and then Action
Center.
11. Disable the anti-virus software. For more information, see the anti-
virus product documentation.
12. Install the Andover Continuum software. Be sure to run the setup
as administrator.
Windows 7 and User Account Control Data Redirection

Before the introduction of Windows 7, administrators typically ran
applications. As a result, applications could freely read and write
system files and registry keys. These applications would fail, however,
when run by Standard users due to insufficient access. With Windows
Windows 7, application compatibility for Standard users has improved
considerably since writes are now transparently and automatically
redirected to a per-user location within the user’s profile.

By design, Andover Continuum writes files to the Program

Files\Continuum directory. This includes Pinfiles (.pin) for graphics,
Menu files (.mnu) for the Continuum shell, XML (.xml) for the
Personnel Manager custom buttons, and text files (.txt) for
CommandLine macros.
For example, if User Account Control is enabled when creating a

graphic, Andover Continuum attempts to create the .pin file in the
Program Files\Continuum\NewGraphicsFiles folder. If the user does
not have permissions to write to that folder, the write operation is
redirected instead to the following location:
Users\<Username>\AppData\Local\VirtualStore\Program
Files\Continuum\NewGraphicsFiles
On 64-bit systems, the user is redirected here instead:
Users\<Username>\AppData\Local\VirtualStore\Program Files
(x86)\Continuum\NewGraphicsFiles
Later, if another Windows’ user logs on to the workstation, that user

will be unable to access the Pinpoint graphic.
CAUTION
If you are an Andover Continuum administrator, you resolve this
issue by either turning off User Account Control or allowing
read\write permissions to the Program Files\Continuum or Program
Files (x86)\Continuum folder for all of your Standard users.
Chapter 3
Installing and Configuring
web.Client on the IIS PC
This chapter contains the following topics
z Overview
z Installing web.Client on the IIS PC
z web.Client Video System Upgrades
z Configuring Your Video Servers
z Configuring Graphics Folders for web.Client: Windows XP and
Windows Server 2003
z Configuring Graphics Folders for web.Client: Windows Server 2008
and Windows 7
z Establishing Pinpoint Folders
z Configuring DCOM Default Security Settings
z Disabling HTTP Keep-Alives
z Resetting Timeout and Live Events Via web.config File
z Establishing SSL Support for Confidential Information
z Changing the Default TCP Port Number

Chapter 3: Installing and Configuring web.Client on the IIS PC
Overview
This chapter provides instructions for installing and configuring
web.Client version 1.94 on the IIS PC, defined as follows:
z The IIS PC on a LAN system is the IIS server with Windows Server
2003, Windows Server 2008, Windows XP Professional workstation,
or Windows 7.
z The IIS PC on a standalone system with web.Client is the single
machine (Windows XP Professional workstation, Windows Server
2003, or Windows 7) on which both IIS and Continuum database
reside.
CAUTION
in the graphical user interfaces between different Windows platforms. User-interface
illustrations are not provided. Please see your Microsoft Windows online help and visit
www.microsoft.com and other Microsoft web sites.
configuration.
The procedures in this chapter are for a first-time installation. If you

are upgrading to web.Client version 1.94, refer to Appendix C,
Guidelines for Upgrading to Version 1.94, which presents some
guidelines for this upgrade. See also the Andover Continuum
CyberStation Installation Guide, 30-3001-720.
Installing web.Client on the IIS PC

Follow this procedure to install web.Client on the IIS PC.
1. Insert the web.Client CD. The Install web.Client screen displays.
Click Install web.Client to begin.
2. If you do not have the Microsoft VS 2008 C++ Redistributable

installed, an InstallShield Wizard appears and indicates that this
application is required before the CyberStation installation begins.
Click Install.
Continuum then checks to ensure that Microsoft .NET Framework

3.5 is also installed. If not, the following message displays:

Continuum then checks to ensure that Microsoft .NET Framework

3.5 is also installed. If not, the following message displays:
Follow these instructions, discontinue this CyberStation

installation, and install the .NET Framework 3.5 from the
Continuum release CD.
Once these requirements are installed, return to this installation

and when the initial Install web.Client screen displays once
more, click Install web.Client.
Note: If you do not have the correct Microsoft service pack installed, you will receive a
warning message, asking you to install the correct software. See Chapter 2 for
software requirements.
3. When the web.Client Installation dialog appears, click Next to

continue.
If your key is not enabled for web.Client, you will receive a warning
message. You may continue with the installation or cancel.
4. The License Information dialog appears. Read and accept the

license agreement, and click Next to continue.
5. The RegisterUser dialog appears. Enter your User Name and

Company Name.
Later, after web.Client is installed, you can right-click on the

Continuum icon in your tool tray and select About to display the
About Continuum dialog, which lists the information from the
RegisterUser dialog.
6. An Alias Information screen appears explaining what happens

next in the installation.

After reading this screen, click Yes to continue.
The Enter Text screen asks you to provide the web.Client Virtual
Directory Alias. Keep the default alias (WebClient) or provide your
own alias. Click Next to continue.
7. The Create Web Server Virtual Directory screen asks you to

select the physical path for your virtual Web Server directory.
Select the default directory, or supply your own directory. Click
Next to continue.
The Setup Status screen appears as the files are installed.
Once the progress bar disappears, the Create IIS Application

window appears and informs you that the IIS application is being
created.
Then, you are asked if you would like to read the latest web.Client
release notes. Click Yes or No.

Finally, you are asked if you would like to run the Database
Initialization program now. Click Yes or No.
web.Client is now installed on the IIS PC. Depending on your system,

follow one of the next three procedures, covered in the following
subsections:
z Creating and Initializing the Database on a Standalone IIS PC

z Adding web.Client to an Existing Standalone Database
z Initializing the Database on a LAN IIS PC
Creating and Initializing the Database on a Standalone IIS PC

A first-time database installation on a standalone system happens in
two steps via the Database Initialization dialog:
Step 1: Installing the SQL Express database engine.
Step 2: Creating a new Continuum database.
Note: After successful installation, the Continuum Database Initialization dialog

automatically appears.
Installing SQL Express Via Database Initialization Dialog
CAUTION
Close all applications on your computer before installation.
After SQL Express is installed, your PC restarts immediately. You cannot restart your
computer later. Be sure to close all open applications on your computer.
Failure to observe this precaution will result in the loss of your work.
Follow this procedure:
1. From the Start menu, select Programs > Continuum >

Database Initialization.
2. Select Stand Alone from the Continuum Database

Initialization dialog.

The Database Initialization dialog appears.
3. Select the Create New Database radio button.
Note that Microsoft SQL Server is shown in the DBMS Name

field dropdown menu.
4. Ensure that Continuum (default setting) appears in the Data

Source Name field.
5. Ensure that (Workstation Name)\SQLEXPRESS appears in the

Server Name field. For example, QUALPC217 is the workstation
name used in the previous dialog.
6. Leave the Database Name at its default, ContinuumDB.
7. Enter your login ID, Andover97, in the User Login ID field.
8. Enter your user password in the User Password field.
Note: If you are upgrading to Version 1.94, and you accepted the pre-1.94 default
password, Pyramid97, you must enter Pyramid97 here. If you are installing
web.client for the first time, use a password of your choice.
9. Re-enter your password (Pyramid97 if you are upgrading to 1.94

from the previous version default) in the Confirm Password field.
10. DB File Location: If you leave DB File Location at its default

path, then you must leave SQL Express at its default path when it
is installed. If you browse a different path for DB File Location,
then you must browse SQL Express to the same file path when it is
installed.
11. Leave the Database Size at its default setting.
12. Enter a system administrator password of your choice into the Sa

Password field.
This password must meet Microsoft SQL Server rules for the
composition of a password:
The password must be at least eight characters long.
The password must not contain all or part of the user’s account name
(three or more alphanumeric characters).
The password must not contain the following characters: comma (,),
period (.), hyphen (-), underscore (_), or number sign (#).
The password must contain characters from three of the following four
categories:
Uppercase letters (A...Z)

Lowercase letters (a...z)
Digits 0...9
Non-alphanumeric characters, such as exclamation (!) and dollar ($)
Otherwise you will receive this warning:
13. In the Windows User Name field, enter your Microsoft Windows
system user name here. This is necessary with SQL Express. You
must have administrative access in order to run the automated
scripts that are part of the database initialization process.
14. Enter your Microsoft Windows system password and confirm that
password in the Windows Password and Confirm Password
fields, respectively.
CAUTION
The password you enter here is required to execute scheduled SQL Server tasks. Should
you later change your Windows password, these scheduled tasks will no longer execute.
To correct this, access the Scheduled Tasks in Windows and change their password with
the Set Password button in their Properties dialog
15. Check the checkboxes as follows:
Note: Be sure the Create Default List Views, Create System List Views, Create
System Alarm Enrollments, and Enhanced Alarm Logging boxes are
checked. If you leave them unchecked, CyberStation does not import the
necessary dump files. The dump files generate all of the default views, so the
listviews and alarms are not created. In addition, faster alarm logging is not
activated. The dump file import happens as soon as the workstation is started
for the first time after installation and the appropriate files are placed in
folders. For more information on Listviews, alarms, and alarm logging, please
see the Continuum CyberStation online help.
a. Create Default List Views - Check this box to import and create list-
views (from the ASCII dump file, DefaultListViews.dmp) for all Cyber-
Station object classes.
b. Create System List Views - Check this box to import and create list-
views (from the ASCII dump file, List.dmp) for system information
other than object class defaults (for example, all events).
c. Create System Alarm Enrollments - Check this box to import con-
figured system AlarmEnrollment objects (from the ASCII dump file,
SystemAlarms.dmp). These define the basic conditions under which
CyberStation points go into alarm.
d. Create/Update Graphical Report Settings - Check this box to
import graphical report templates. CyberStation supplies many
Report templates that include bar-chart templates, pie-chart tem-
plates, and trend templates, giving Reports a certain default “look and
feel.” If you do not check this box, then these report templates will not
be available. For more information on Reports, see the Continuum
CyberStation online help.
e. Enhanced Alarm Logging - Check this box to activate an enhanced
method that automatically speeds up the process of logging alarms
with workstations. Without enhanced alarm logging, configuration of
workstation recipients in EventNotification objects becomes more
cumbersome.
Note: If the Enhanced Alarm Logging checkbox is not checked, the Enhanced
Alarm Delivery checkbox becomes unselectable.
f. Enhanced Alarm Delivery - This checkbox is intended for a system

with multiple workstations. Check this box only if you intend to add
more workstations to the system. If more workstations will not be
added, then leave it unchecked.
Note: This setting has no effect on BACnet alarms, which can be guaranteed through
the configuration of BACnet alarm notifications.
Checking this checkbox guarantees the delivery of alarms to all

recipient workstations regardless of their status at the time of the
alarm generation.
This selection activates special background applications and processes

(already installed) that establish an ongoing connection between
workstations and the database server, where new alarms are written.
Enhanced alarm delivery guarantees alarm delivery even when
connections are lost. The alarms are delivered when the connection is
restored.
Enhanced alarm delivery provides a suite of diagnostic and

troubleshooting tools that allow you, for example, to monitor the status
of alarm messages and background alarm delivery processes as well as

ping a particular workstation to deliver an alarm message that, for

some reason, could not be delivered. For instructions on how to
activate these diagnostic tools, please contact product support services.
g. Extended Logging Backwards Compatibility - If you want to use

pre-Version 1.7 “old” extended logging, in addition to “new” extended
logging, be sure this checkbox is checked.
Note: Before version 1.7, you created Plain English programs for extended logs.
These programs facilitated extended log tables in the database, one table per
controller. In version 1.7 or higher, you must check the Extended Logging
Backwards Compatibility box to retain the older method for creating
extended logs, while also enabling new extended logging functionality.
For more information about extended logs, please see the Continuum
16. Click the Continue button.
The Is SQL Express Installed dialog appears.
For first time installations, you should see this dialog. If, in the
very unlikely event, you do not see this dialog, it means SQL
Express is already on your computer for some other reason.
If it is not installed, proceed to the next step. If it is already

installed be sure it has been configured with the correct settings, as
defined in the CyberStation Installation Guide, 30-3001-720.
17. Select the Install SQL now radio button and click OK. SQL
Express is then installed automatically.
During SQL Express installation, the software checks your

computer for certain problems that could complicate SQL
installation and/or the creation or update of the Continuum
database. There are several different scenarios. For example, third-
party software may generate license-agreement issues. For a
detailed description of these issues, how CyberStation resolves
them, and a list of error messages, please see Appendix D, SQL
Express Installation Error Messages.
If there are no problems, the Select Folder dialog appears.
18. Accept the default path, or use the browse button to select a
directory in which to install SQL Express, and click OK.
Note: If you left DB File Location at its default path, then you MUST leave SQL
Express at its default path when it is installed. If you browsed a different path
for DB File Location, then you must browse SQL Express to the same file
path
Note: Be sure that the drive you have selected has a minimum of 2 GB of free space
available.
19. The Extracting Files progress window appears. The unpacking

takes approximately 1 to 5 minutes. Next, the Microsoft SQL
Server 2005 Setup progress window appears. This also can take
several minutes. After the installation has completed, the reboot
dialog appears, which may take up to 60 seconds. Do not proceed
until this dialogue appears. Click OK and reboot your computer.
Note: Reboot happens immediately. You do not have the choice of doing this later.
20. After rebooting, a screen telling you that SQL script is running
then appears. This screen closes automatically after a few minutes.

21. After your PC finishes rebooting, verify MSSQL server is running.

Double click the SQL Server Service Manager icon in the
system tool tray.
The SQL Server Service Manager dialog appears.
The status bar at the bottom of the dialog should read:
Running - \\WorkstationName\SQLEXPRESS - MSSQLServer
Note: If the SQL Server Service Manager icon is not present in the system tool
tray, try running it from the Windows Start menu. Click Start, select
Programs and Startup. The SQL Server Service Manager icon should be
there. If this does not work, contact the Schneider Electric Technical Support
department for further instructions.
Adding web.Client to an Existing Standalone Database

On a standalone single-user system, if you are adding web.Client to an
existing Continuum database, perform this procedure.
1. Be sure you have performed the procedure, Installing web.Client on

the IIS PC. After the server reboots, the Continuum Database
Initialization window appears.
2. Select Stand Alone.
The Database Initialization dialog, shown on the next page,

appears.
3. Select the Update Existing Database radio button.
4. Click the Continue button.
Upon completion, you receive this message:

Database successfully updated
5. Click OK.
The Continuum Database Initialization window reappears.
6. Click Close.

Initializing the Database on a LAN IIS PC

Prior to using your web.Client LAN system IIS PC, perform the
following procedure to initialize the database. The detailed procedure
for CyberStation is presented in the Andover Continuum CyberStation
Installation Guide, 30-3001-720, but the web.Client specific steps are
shown, as follows:
1. After the server reboots, the Continuum Database

Initialization window appears. Select Workstation.
2. Once the database is set up on your web server, the main

Workstation Configuration dialog, shown on the next page,
appears.
Select the Workstation tab to set the workstation parameters. Set

the Workstation Name, Folder Name, Device Node ID and
Network ID for the workstation. See the Andover Continuum
CyberStation Installation Guide, 30-3001-720, for further details.

Note: The Andover Continuum CyberStation Installation Guide, 30-3001-720,

provides important guidelines for entering information in the Workstation
Configuration dialog. Refer to that manual.
3. Select the Database tab, shown on the next page.
4. Fill in the fields as shown below if you are adding a new server to a
LAN system. If this is a server upgrade, they will be populated
automatically. The Server Name field should be set to the name of
your Continuum database server.
5. Click OK to activate the workstation, then click Close on the

Continuum Database Initialization window to complete the
database initialization.
6. Run web.Client on this machine. This will create the final objects
in the Continuum database for this workstation.
web.Client Video System Upgrades

If you are upgrading from a 1.92 and earlier version of web.Client, the
Learn All Video Servers dialog appears at the completion of the
database initialization process. You must learn your video servers in
order to see cameras.
For more information on configuring video servers, see Configuring

Your Video Servers. For more information on upgrading web.Client, see
Appendix C, Guidelines for Upgrading to Version 1.94.
1. Click Yes to learn all servers and cameras now, or No to learn

them later in CyberStation’s Video Administrator.
It is recommended that you learn video servers and cameras now

since it is more efficient to learn them all at once rather than
learning them individually later.
Note: Should you choose not to learn servers and cameras now, you will need to learn
them later in Video Administrator. For more information on learning cameras ,
see the Video Administrator Settings tab in the CyberStation online help.
If you click Yes, the Learn All Video Servers - Status dialog,
shown on the next page, displays. It shows a count of the servers
and cameras as they are learned.
2. Click Close to stop the learn process at any time.
The video servers and cameras will then be in a partially-learned

state- with only those servers and cameras that have been learned
to that point displaying in the Learn All Video Servers - Status
dialog.

Note: If your video system is unstable, you may receive an ERROR:SERVERNAME

message during the learn process. Should this occur, ensure that your system
is stable and then perform a single Learn Cameras operation for that server.
For more information, see the Video Server Editor - General Tab in the
Routing Alarms to the IIS PC on a LAN System

On a LAN system, perform the following procedure from another
CyberStation to route alarms to the IIS PC:
1. For every EventNotification object, add the IIS PC’s workstation to

the list of alarm recipients to be notified. To do so, open the
EventNotification editor and select the Delivery tab.
2. In the Delivery tab, click the Add Recipient button. The

Recipients Configuration dialog, shown on the next page,
appears.
3. Use the Recipient field’s browse button and the browse dialog to
search for and select the workstation that is on the IIS PC.
4. Configure these settings appropriately for your system. There are

several ways to configure recipients, according to your needs.
Refer to the Continuum CyberStation online help, for information

on the configuration of event notifications.
5. Click OK to save the settings.

Note: For additional enhanced alarm delivery, ensure that the Enhanced Alarm
Delivery checkbox is checked via the Database Initialization dialog. For
detailed information on the checkboxes in the Database Initialization dialog,
please see the Andover Continuum CyberStation Installation Guide, 30-3001-
720.
Configuring Access Permissions for web.Client Users

Perform the following CyberStation procedure to grant or deny security
access permissions for web.Client users.
1. From the system tray in the lower right corner of your screen,
right-click on the Continuum icon, and select Security from the
popup menu to open the Security editor.
2. Select the Actions tab of the Security editor.
3. Scroll down to the bottom of the folder tree structure.
4. Expand the web.Client folder.
A list of all web.Client permissions, or “actions” appears.
5. For each user group, edit each web.Client action to grant or deny
permission to access the web.Client feature. To grant access, click
to display a key, as shown above. To deny access, leave the lock, or
if unlocked, click to display a lock.
For complete Continuum security configuration procedures, see the

Andover Continuum CyberStation Access Control Essentials Guide, 31-
3001-405, or the Continuum CyberStation online help.
Configuring Your Video Servers

For your users to access the web.Client video surveillance monitor (also
known as a “video layout”) and assign one or more cameras to a video
layout camera matrix, at least one video server must have been
configured via Continuum’s VideoServer object editor, so that its
cameras are available to the video layout.
Note: VideoServer and VideoLayout objects are created on CyberStation. Though you
may modify a VideoLayout in web.Client, you cannot save your modifications
in web.Client; only on CyberStation.
For more information on configuring a video server (and the

VideoServer object) please see VideoServer in the Continuum
CyberStation online help. For more information on configuring video
layouts, please see Video in the web.Client online help.

Configuring Graphics Folders for web.Client: Windows

XP and Windows Server 2003
If you have Windows XP or Windows Server 2003, perform the following
procedures. If you have Windows 7, see Configuring Graphics Folders for
web.Client: Windows Server 2008 and Windows 7.
Your users must access web.Client Pinpoint graphics file folders as URL
web-address locations on the Internet. This section presents the
following procedures:
z Specifying a Local Folder as a Web Address

z Specifying a Network Folder as a Web Address
z Verifying Anonymous Access to Virtual Folders
Note: If you are using SSL (and an SSL Certificate) to facilitate exchanges of
encrypted, confidential information, then you must also set up web.Client
Pinpoint to be compatible with SSL. For instructions, please see Setting Up
SSL for web.Client Pinpoint later in this chapter.
Note: web.Client does not support multiple network interface cards (NICs).
Specifying a Local Folder as a Web Address

Use the following procedure to specify local folders as web addresses:
1. Using your Windows Explorer, search for and select the folder that
you wish to access as a URL web address. For example, suppose the
folder name is NewGraphicsFiles.
2. Right click on the folder. The Properties dialog appears (in this
example, entitled NewGraphicsFiles Properties).
3. Select the Web Sharing tab on the Properties dialog.
4. Click the Share this folder radio button. The Edit Alias dialog
appears.
5. Check the Read, Write and Directory browsing checkboxes in the

Access permissions section, and be sure the Scripts radio button
is selected in the Application permissions section.
6. Click OK. This graphics folder can now be accessed via the web
address:
http://ServerName/NewGraphicsFiles
If the server is registered in an Internet domain, the URL would be:
http://www.ServerName.com/NewGraphicsFiles
where ServerName is the IIS PC.
Normally, Internet port numbers default to port 80. Some Internet

access providers use a port other than port 80. If you have such a
provider, then Pinpoint graphics files may not be accessible. As a
workaround, you can specify a port number other than 80 (the
default) directly in the URL:
http://ServerName:PortNumber/NewGraphicsFiles
where ServerName is the IIS PC and where PortNumber is an
integer representing the number of the desired port.
If the server is registered in an Internet domain, the format would

be:
http://ServerName.com:PortNumber/NewGraphicsFiles
Note: You can also permanently change the default TCP port number. See Changing
the Default TCP Port Number later in this chapter.
Refer to Establishing Pinpoint Folders to finish this procedure.
Specifying a Network Folder as a Web Address

Perform the following procedure to specify remote network graphics
folders as URL web addresses that can be accessed via web.Client on
the Internet:
1. Using your Windows Start menu, select Settings, then Control

Panel.
2. From the Control Panel, select Administrative Tools.

The Administrative Tools dialog appears.
3. From the Administrative Tools dialog, select Internet Services

Manager (or Internet Information Services in Windows XP).
The Internet Information Services dialog appears.
4. From the explorer tree, expand your server name directory,

exposing the default subdirectories.
5. Right click on the Default Web Site subdirectory.
6. From the popup menu, select New, then Virtual Directory. The
Virtual Directory Creation Wizard appears.
7. Click the Next button to continue.
The Virtual Directory Alias screen appears.
8. In the Alias field, enter an alias name that you want to use to gain
access to this virtual web directory.
For example, you could enter NewGraphicsFiles.
9. Click the Next button to continue. The Web Site Content

Directory screen appears.
10. In the Directory field, enter (or use the Browse button to search
for) the network server/drive and path containing the graphics
files.
11. Click the Next button to continue.
12. Enter a user name and password to gain access to the network
resource.
13. Click Next, and enter the password again to confirm.
If you have a Windows Server 2003 machine - On Windows

Server 2003, you must uncheck the checkbox, Always use the
authenticated user’s credentials when validating access to
the network directory. Removing the check from this box makes
the user and password fields selectable.
14. Click the OK button. The Access Permissions screen appears.
15. Check the Read, Write, Browse, and Run Scripts checkboxes.
16. Click Next.
17. Click Finish.
18. Using the example alias name, NewGraphicsFiles, established in

step 8, the graphics files can now be accessed via the web address:
http://ServerName/NewGraphicsFiles
where ServerName is the IIS PC. If the server is registered in an

Internet domain, the URL would be:
http://www.ServerName.com/NewGraphicsFiles
Normally, Internet port numbers default to port 80. Some Internet

access providers use a port other than port 80. If you have such a
provider, then Pinpoint graphics files may not be accessible. As a
workaround, you can specify a port number other than 80 (the
default) directly in the URL. (See Step 6 in the previous section for
details.)
Note: You can also permanently change the default TCP port number. See Changing
the Default TCP Port Number later in this chapter.

Verifying Anonymous Access to Virtual Folders

If you have a Windows Server 2003 or Windows XP machine(s), you
must also verify that anonymous access to the virtual folders is
established, as follows:
1. From the Control Panel, double click and open Administrative

Tools. The Administrative Tools dialog appears.
2. Double click and open Internet Services Manager. The Internet

Information Services (IIS) Manager dialog appears.
3. In the tree, expand your machine name, expand Web Sites, and
expand Default Web Sites.
4. Right click on NewGraphicsFiles, and from the popup, select

Properties. The NewGraphicsFiles Properties dialog appears.
5. Select the Directory Security tab, and under Authentication

and access control, click the Edit button. The Authentication
Methods dialog appears.
6. Check the Enable anonymous access checkbox.
7. Click OK.
Configuring Graphics Folders for web.Client:

Windows Server 2008 and Windows 7
If you have Windows Server 2008 and Windows 7, perform the
following procedures. If you have Windows XP or Windows Server
2003, see Configuring Graphics Folders for web.Client: Windows XP
and Windows Server 2003.
Your users must access web.Client Pinpoint graphics file folders as

URL web-address locations on the Internet.
This section presents two procedures:
z Setting Up an Application for Graphics on Windows Server 2008

and Windows 7
z Giving Everyone Access to Graphics Files on Windows Server 2008
and Windows 7
Setting Up an Application for Graphics on Windows Server

2008 and Windows 7
Perform the following procedure to set up an application (folder) to
accommodate graphics files on Windows Server 2008 and Windows 7:
Note: For 64-bit systems, when you are directed to enter a graphics file path, specify
the following: C:\Program Files (x86)\Continuum\NewGraphicsFiles.
1. Access the Internet Information Services (IIS) Manager.
2. Under Connections, under computer name, expand Sites.
3. Expand Default Web Site.
4. Right click over Default Web Site, and select Add Virtual
Directory from the popup menu.
5. In the Add Virtual Directory dialog, enter NewGraphicsFiles

in the Alias field.

6. In the Physical path field, specify the following:
C:\Program Files\Continuum\NewGraphicsFiles
7. Click OK.
8. Share the graphics folder with everyone and provide full-control

access. For more information, see Giving Everyone Access to
Graphics Files on Windows Server 2008 and Windows 7.
9. Under Default Web Site, select the newly created

NewGraphicsFiles folder.
10. In the NewGraphicsFiles Home pane, under IIS, double-click

and open Directory Browsing.
11. Under Actions, click Enable.
12. Configure the following Local Settings for the NewGraphicsFiles

application.
Under Connections > Default Web Site, right-click on the
NewGraphicsFiles folder.
Select Manage Application and then Advanced Settings.
Check the path.

Launch Internet Explorer.

Browse to the following sample web location as a test:
http://ser8web/NewGraphicsFiles
Files under this web location display.
13. Configure the following Remote Share settings for the

NewGraphicsFiles application.
Map a drive to the share.
Add the mapped path to the options in Continuum Graphics.
Under Connections > Default Web Site, right-click on the graphics
folder (in this example, a new virtual directory called
NewGraphicsFiles2).
Select Manage Application and then Advanced Settings.
Check the path.

Note: Be sure to add a service account here that has local login rights. For the
purposes of this example, a backup administrator’s account is used. Your IT
department should be able to create and assign one for you.
Launch Internet Explorer.

Browse to the following sample web location as a test:
http://ser8web/NewGraphicsFiles2
Files under this web location display.
14. Should you receive a Simple Object Access Protocol (SOAP) error
when attempting to access this web location:
15. Access and open the Web.config file located in:
C:\\Program files\Continuum\DNWACServerFactory\
16. Using Wordpad as user Administrator, add the following lines to

the present Web.config file:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping=”True”/>
</security>
<directoryBrowse enabled=”true”/?
</system.webServer>

Note: In Windows 7, there is a permissions issue with User Account Control and
graphics in Andover Continuum. If you do not have permission to write to the
NewGraphicsFiles folder, the write operation is redirected to the
Users\<Username>\AppData\Local\VirtualStore\Program
Files\Continuum\NewGraphicsFiles folder. For more information and a
resolution for this issue, see “Windows 7 and User Account Control Data
Redirection” on page 55.
Giving Everyone Access to Graphics Files on Windows Server

2008 and Windows 7
Follow this procedure to add everyone full-control access to the
graphics files folder on Windows Server 2008 and Windows 7.
1. Access Internet Information Services (IIS) Manager.
2. In the Connections tree, expand the computer name, then Web

Sites, then Default Web Site.
3. Right click over NewGraphicsFiles. (See also Setting Up an

Application for Graphics on Windows Server 2008 and Windows 7.)
4. From the popup menu, click Edit Permissions (Windows 7).
5. In the NewGraphicsFiles Properties dialog, select the Security

tab, and click the Advanced button.
6. In the Advanced Security Settings for NewGraphicsFiles

dialog, select the Permissions tab, and click Edit.
7. When the Permissions tab reappears, click Add.
8. In the Select User or Group dialog, specify the location for the
object (Everyone). Make sure the computer name appears beneath
From this location, and click Find Now.
9. In the Search results list, double click Everyone.
10. In the Permission Entry for NewGraphicsFiles dialog, Object

tab, check the Full Control checkbox).

11. Click OK.
12. Launch Microsoft Notepad as user Administrator. (That is, when

you open this program, right click on its menu selection, and from
the popup menu, select Run as administrator.)
13. Access and open the ApplicationHost.config file located in:
C:\Windows\System32\inetsrv\config\
14. Change this line:
<section name=”requestFiltering” overrideModeDefault=”Deny” />
to:
<section name=”requestFiltering” overrideModeDefault=”Allow” />
15. Access and open the Web.config file located in:
C:\\Program files\Continuum\DNWACServerFactory\
16. Using Notepad as user Administrator, add the following lines to the
present Web.config file:
<system.webServer>
<security>
<requestFiltering allowDoubleEscaping=”True”/>
</security>
</system.webServer>
</configuration>
17. Launch Internet Explorer.
18. From the Tools menu, select Internet Options.
19. In the Internet Options dialog, select the Connections tab and
click LAN Settings.
20. In the Local Area network (LAN) Settings dialog, make sure
the Automatically detect settings checkbox is cleared.
21. Click OK.

Establishing Pinpoint Folders

Note: This Web Locations tab on the Options dialog appears only on Continuum
workstations that have the web.Client application installed and the graphics
package enabled.
Perform the following procedure:
1. Log on to Continuum and start Pinpoint. (See the Continuum

CyberStation online help for details.)
2. From the Pinpoint application window, select the View dropdown

menu, then Options. The Options dialog appears.
3. On the Web Locations tab, enter the appropriate paths to the

following shared folders.If the image folder and background folder
are under NewGraphicsFiles (the sample folder you just specified
as a web address) then, in the Web Locations tab of the Pinpoint
Options dialog, the new paths would be:
http://ServerName/NewGraphicsFiles/imagelibrary
and
http://ServerName/NewGraphicsFiles/backgrounds
z NewGraphics (Pin) Files - This is the location (specified as a

URL web address) from which Pinpoint panel (.PIN) files are
accessed. In a multi-user setup this could be a shared location
across the workstations.
z ImageLibrary - This is the image file location (specified as a URL
web address) that contains ready-made images that you can use to
make graphic panels in Pinpoint. This is usually set up and copied
by the installation program.
z Backgrounds - This is the image folder location (specified as a
URL web address) that contains background files that serve as
backgrounds for the panels. These files are specified per graphic in
the Configuration editor of the CyberStation Pinpoint graphics
application.
Note: Ensure that you have given accessible sharing privileges to the above three
folders so that all client machines can view the graphics. To ensure the paths
you entered are correct, click the Check button.
If the path is incorrect, the symbol appears next to the incorrect

path. If the three paths are correct, click OK and close Pinpoint.
CAUTION
Manually changing an IP address
If you use a specific IP address in the Graphics (Pin Files) field, instead of
ServerName, and then manually change the IP address (in the IP Address field of the
Default Web Site Properties dialog, accessed via the Control Panel’s
Administrative Tools - Internet Services Manager - Default Web Site properties)
the Graphics URL no longer works. You must go back and change the path in the
Graphics (Pin Files) field in the Options dialog to match what was changed in the IP
Address field, or enter a server name. To map the local host to this new IP address, you
must also edit, and place this new entry into the LMHOSTS.SAM file located in:
C:\WINNT\system32\drivers\...
Failure to observe this precaution can result in failure to access

web.Client Pinpoint graphics files.
4. Log out of Continuum.
5. Stop and then restart your IIS server, or reboot the machine.
6. Lock your computer.

Configuring DCOM Default Security Settings

CAUTION
in the graphical user interfaces between different Windows platforms. User-interface
Failure to observe this precaution can result in equipment issues.
After installing web.Client, the default security permissions for both

access and launch might not be set. You must verify that the
Distributed COM (DCOM) default security is configured properly. This
involves editing the default access permissions and default launch
permissions.
Configuring Default Launch and Access Permissions

Edit default launch permissions and default access permissions, as
follows. Repeat this procedure for the ACWPPServerProxy and
ACCXMLAuto, and ACWebServerProxy applications.
Perform the following procedure for Windows XP Professional,

Windows Server 2003, and Windows 7.
Note: If you are installing web.Client Version 1.94 for the first time on a PC that does
not contain any Adobe Acrobat product, you will likely receive a DCOM
warning regarding Adobe Acrobat Reader, which is installed automatically
with web.Client. The warning states that a class ID is not recorded in
\\HKEY_CLASSES_ROOT\AppId. When you are asked “Do you wish to
record it?” click Yes.
1. From the Windows Start menu, select Run, and run the DCOM
configuration utility. (In the Run dialog, enter dcomcnfg, and
click OK.)
The Component Services dialog appears.

2. In the explorer tree, expand Component Services, expand the

Computers folder, expand My Computer, and expand DCOM
Config.
3. Right-click over AccDataServices, and select Properties from

the popup menu.
The AccDataServices Properties dialog appears.
4. Select the Security tab, and in the Launch and Activation

Permissions section, select the Customize radio button.
5. Click the Edit button.
The Launch Permission dialog appears, displaying a Group or

user names window and a Permission for... window.
6. Click the Add button.
The Select Users, Computers, or Groups dialog appears.
7. Click the Locations button, and from the Locations dialog, select
the IIS PC (computer) name. It usually appears at the top of the
list. Click OK.
You can also specify an object type via the Object Types button.
8. From the Select Users, Computers, or Groups dialog, click the

Advanced button.
A blank window appears at the bottom of the dialog.
9. Click the Find Now button. The window at the bottom of the
dialog becomes populated with the names and locations of users
and groups.
10. For Windows XP, highlight and add this account:
ComputerName\ASPNET (ASP.NET)
For Windows Server 2003, IIS 6.0, and Windows Server 2008, and
Windows 7, IIS 7.0, highlight and add these accounts:

NETWORK SERVICE
INTERACTIVE
IUSR
IWAM
11. Click OK, and OK again to close the Select Users, Computers,
or Groups dialog.
12. On the Launch Permissions dialog, in the Permissions for...

window, check the Local Launch and Local Activation
checkboxes for each user/group.
13. Click OK.
14. From Security tab of the ACCDataServices Properties dialog,

in the Access Permissions section, select the Customize radio
button, then click the Edit button.
The Access Permission dialog appears, displaying a Group or

user names window and a Permission for ... window.
15. Repeat steps 6 through 12 for Access Permissions this time

(instead of Launch and Activation Permissions). But in step
12, be sure to select the Local Access checkbox.
16. Repeat steps 3 through 14 for AccXMLAuto,

ACWebServerProxy, and ACWPPServerProxy application (in
addition to AccDataServices).
Note: In Windows XP, the ACCXMLAuto application may have the following global
unique identifier name:
{08B49494-6EF2-11D5-82F7-00500462D6CE}
Note: After installing web.Client, check that the default document on the web.Client
virtual directory is set. (See Tip 5 - Enabling the Default Document in
Appendix A.)

Disabling HTTP Keep-Alives

When your IIS PC is a Windows XP Professional workstation, you must
disable HTTP keep-alives. (This is not necessary with Windows Server
2003.) Perform the following procedure for Windows XP Professional:
1. From the Control Panel, access Administrative Tools.
2. From the Administrative Tools dialog, select Internet

Information Services Manager (IIS) Manager. The Internet
Information (IIS) Services Manager dialog appears.
3. In the explorer tree, expand the IIS PC name directory, and

expand the Web Sites folder.
4. Right click on the Default Web Site folder, and from the popup
menu select Properties. The Default Web Site Properties
dialog appears.
5. In the Web Site tab, remove the check from the HTTP Keep-
Alives Enabled checkbox, and click OK.
Resetting Timeout and Live Events Via web.config File

The “sessionState” timeout is set in the web.config file located in the
folder:
C:\Program Files\WebServer
The timeout is the number of minutes that a web.Client session

remains active during non-use (inactivity) before the session ends,
requiring the user to log on again.
The maxEventViewRows is also set in the web.config file. It defines the

maximum number of live events that are listed in the EventViews
window.
For more information about session timeout and EventViews, see the
web.Client online help.

Inactivity Timeout
The “timeout” default is 20 minutes, but it can be reset to a different
time period by editing the web.config file:
Live EventView
The “maxEventViewRows” default value is 1000, but you may want
edit the web.config file to reset it to a smaller number to save time
while the event view list rebuilds:

Establishing SSL Support for Confidential Information

web.Client version 1.74 (and higher) fully supports Secure Sockets
Layer (SSL) technology, whereby a web.Client user can access
confidential, secure information over the Internet. Web pages that a
client requests are encrypted at the server machine via an authorized
SSL Certificate installed on the IIS PC. Likewise, the user deciphers
the encrypted information on the client machine using an
authentication process.
As a system administrator, you must ensure that an SSL Certificate,

acquired by an authorized SSL provider, resides on the IIS PC. There
are several authorized SSL providers (also known as Certificate
authorities) such as VeriSign.
Using SSL Online Documentation

Certificate authority web sites and Microsoft’s IIS online
documentation provide extensive information on SSL technology and
extensive instructions on how to acquire a Certificate and install it on
your server.
For example, a leading Certificate authority, Verisign

(www.verisign.com) provides different sets of detailed instructions for
preparing, installing, moving, and backing up a Certificate on different
servers running different web server software.
This includes:
z Microsoft IIS version 5.0

z Microsoft IIS version 6.0.
For example:
VeriSign web-site instructions for generating a Certificate Signing

Request (CSR) for a Microsoft IIS 6.0 Server, in preparation for
installation.

VeriSign web-site instructions for installing a Certificate on a

Microsoft IIS 6.0 Server.
VeriSign web-site instructions for moving a Certificate from one

server to another.
VeriSign web-site instructions for backing up a Certificate.
You generate a CSR and install a Certificate through Microsoft’s

administrative tool, Internet Information Services, and the IIS Web
Server Certificate Wizard.
For complete instructions for using SSL on Microsoft platforms, please

see Microsoft’s extensive online IIS documentation on secure
communications and certificates:
1. From your Control Panel, open Administrative Tools.
2. From the Administrative Tools dialog, open Internet

Information Services.
3. In the navigation tree in the Internet Information Services

dialog, expand your local PC name and the Web Sites folder.
4. Right click over Default Web Site, and select Properties.
5. On the Default Web Site Properties dialog, select the Directory

Security tab.
6. Click the Help button. From the IIS Documentation window,

select Secure communications. For very extensive, detailed
information, click Certificates.
This Microsoft IIS documentation provides information on:
z An overview of certificates
z Setting up SSL on your server
z Using the security task wizards
z Obtaining a server certificate

z Using Certificate trust lists. (Trust lists are managed via

Internet Explorer’s Internet Options dialog. From IE’s Tools
dropdown menu, select Internet Options. Select the Content
tab. Certificate management options appear in the Certificates
section.
z Obtaining a client Certificate
z Enabling client certificates
z Mapping client Certificates to user accounts.
Note: When applying for and creating your certificate, please use the fully qualified
domain name of the IIS server, particularly if you plan to connect the web
server to the Internet with a public IP address. For example, use the following:
(FQDN) System name.schneider-electric.com (public).
If you plan to connect the web server internally with a private IP address, you
need only use a NetBIOS name. For example, use the following: (netBios)
System name (private).
The URL of the site name must comprise the same server name and domain
name to which your client machine browsers connect:
https://ServerName.DomainName.com
For example:
https://yourpc.schneider-electric.com/webclient (public IP
address)
https://yourpc/webclient (private IP address)
Otherwise, if these do not match, errors will result and SSL won’t work. To test
the URL, ping it from your machine and ensure there is a reply.
Note: In order to use SSL encryption from the client machine, a web.Client user must
access web.Client with the prefix:
https://
instead of http://
For more information, see Chapter 4.
To launch Microsoft’s Web Server Certificate Wizard, click the Server

Certificate button under Secure communications on the
Directory Security tab of the Default Web Site Properties dialog.

Changing IE Security Internet Options to Accommodate SSL

Only after you have set up an SSL Certificate for the IIS PC, you must
modify (on each client machine) Internet Explorer Internet Options to
disable superfluous warning messages that users would otherwise see
while using SSL with certain web.Client features. Follow this
procedure:
1. Install an SSL Certificate. See Establishing SSL Support for

Confidential Information.
2. In Internet Explorer, select Internet Options from the Tools

dropdown menu.
3. On the Internet Options dialog, select the Security tab.
4. In the Security level for this zone section, click the Custom
Level button.
5. On the Security Settings dialog, scroll down to Miscellaneous.
6. Under Display mixed content, select the Enable radio button.
7. Under Access data sources across domains, select the Enable

radio button.
8. Click OK in the Security Settings dialog and again in the

Internet Options dialog.
As an alternative, on each client machine you can add the web.Client

URL address to Trusted sites. On the Internet Options dialog:
1. Select the Security tab, and click Trusted sites.
2. On the Trusted sites dialog, enter the web address in the Add
this Web site to the zone field.
3. Click OK.

Enabling SSL for web.Client

You must also enable SSL for use with web.Client via the web.Client
Properties dialog in Internet Information Services. Follow this
procedure:

2. From the Control Panel, open Administrative Tools.

4. From the navigation tree in the Internet Information Services

dialog, expand your local computer name, expand Web Sites, and
expand Default Web Site.
5. Locate and right-click over WebClient. Select Properties.
6. On the WebClient Properties dialog, select the Directory

Security tab.
7. In the Secure communications section, click the Edit button.
8. On the Secure Communications dialog, check the Require

secure channel (SSL) checkbox, and make sure the Ignore
client certificates radio button is selected.
9. Click OK.
Setting Up SSL for web.Client Pinpoint

The graphics package, web.Client Pinpoint, can be used with an SSL
installation. However, you must perform the following procedure to
enable SSL for web.Client Pinpoint, ensure compatibility with
Pinpoint, and ensure access to graphics files. Follow this procedure:
1. Set up your Pinpoint graphics folders. See Configuring Graphics

Folders for web.Client: Windows XP and Windows Server 2003 and
Configuring Graphics Folders for web.Client: Windows Server 2008
and Windows 7 earlier in this chapter.




dialog, expand your local computer name, expand Web Sites, and
expand Default Web Site.
6. Locate and right-click over DNWACServerFactory. Select

Properties from the popup menu.
7. On the DNWACServerFactory Properties dialog, select the

Directory Security tab.
8. Under Secure communications, click the Edit button.
9. On the Secure Communications dialog, check the Require

secure channel (SSL) checkbox, and make sure the Ignore
client certificates radio button is selected.
10. Click OK.
11. On the same DNWACServerFactory Properties dialog, select

the ASP.NET tab.
12. In the ASP.NET version field, make sure the version is 2.0.50727.
13. Click OK.
14. Open the file, WWPMonitor.exe.config. It’s located in:
c:\program files\continuum\dnwacserverfactory\bin\
15. Access the following lines of code:
<add key=”SSL_Use” value=”false” />

<add key=”SSL_ServerName” value=”xpavalon” />
<add key=”SSL_Port” value=”443” />
16. Modify these lines as follows:
Change “false” to “true” when SSL is active.

Change the value of the ServerName to the fully qualified domain

name of the IIS server.
Make sure the SSL port value remains 443, which is the default.
Note: If you are using SSL with Pinpoint graphics, the SSL port
must be 443.
17. Restart your computer.
18. After restarting your computer, test the Certificate and its
compatibility with Pinpoint by accessing the following page:
https://ServerName/dnwacserverfactory/bin/TestWPinpointSSL.htm
19. A Security Alert appears. Click Yes to the question, Do you want
to proceed? This accepts the Certificate.
20. If the Certificate is valid with Pinpoint, the following page appears:
If this page does not appear, it means it is not valid, or the

Certificate has expired.
At this point, SSL is ready for use with web.Client Pinpoint.

Changing the Default TCP Port Number

Normally, the IIS PC defaults to Internet TCP port 80. Some Internet-
access providers do not use port 80. This may, for example, prevent
access to web.Client Pinpoint graphics files. (web.Client users can
access graphics file folders as URL web address locations. See
Windows Server 2003 and Configuring Graphics Folders for
web.Client: Windows Server 2008 and Windows 7.) If your IIS PC uses
such an Internet access provider, you should change the default port 80
to another port compatible with your access provider.
To change the default port number permanently on the IIS PC:
2. From the Administrative Tools dialog, open Internet


dialog, expand the local computer name, and expand Web Sites.
4. Right click over Default Web Sites, then select Properties.
5. On the Default Web Site Properties dialog, select the Web Site
tab.
6. Under Web Site Identification, in the TCP Port field, change 80

to a number compatible with your Internet access provider.
(Consult your provider.)

7. Click OK.
If you do not permanently change the TCP Port number, you can
override the default, 80, by entering the desired port number
directly into a URL web address. For example, if you want to
connect to web.Client:
https://ServerName.com:PortNumber/webClient
Note: The “s” in the https:// URL is used when an authorized SSL Certificate is
installed on the IIS PC.
8. Reboot your system.


Chapter 4
Testing and Installing
web.Client on a Client PC
z Overview
z Testing Access to and Installing web.Client on a Client PC
z Before Getting Started
z Launching Internet Explorer in Windows 7
z Installing the web.Client Utilities Control
z Installing Microsoft .NET Framework 2.0
z Installing web.Client Pinpoint
z Installing the Video Layout Control and .NET Framework 3.5
z Setting Browser “Zone” Permissions for .NET Framework
z Server Proxy Applications
z Logging Out of web.Client

Chapter 4: Testing and Installing web.Client on a Client PC
Overview
When your web.Client users log on to web.Client via their client-
machine browsers for the first time, it is likely that several applications
will be installed (automatically or via user prompts).
Note: The procedures in this chapter presume you and your users are installing or
upgrading to web.Client version 1.94 and have Internet Explorer version 8.0 or
Internet Explorer 9.0, and meet the other software and hardware requirements
presented in Chapter 2, System and Pre-Installation Requirements.
Testing Access to and Installing web.Client

on a Client PC
After performing the installation and configuration procedures in
Chapter 3, Installing and Configuring web.Client on the IIS PC, you, as
the administrator, must test web.Client browser access, through a
user-client PC, by logging on as a web.Client user. If necessary, a user
client is prompted to install the following applications:
z web.Client Utilities Control

z Microsoft .NET Framework 2.0
z web.Client Pinpoint (only if users have access permission to
graphics)
z Schneider Electric Video Layout Control (only if users have access
permission to video) and Microsoft .NET Framework 3.0, which the
video requires for its operation.
This chapter shows you how to test browser access to web.Client by

logging on and installing web.Client on a user-client workstation.

Before Getting Started

Before getting started:
1. Find a workstation suitable for testing client-browser access to

web.Client.
2. Be sure this workstation has versions of the operating system that

your user clients would typically have.
3. Be sure the workstation meets the system requirements given in

Chapter 2, System and Pre-Installation Requirements.
4. Restart this workstation and other client PCs before logging onto
web.Client for the first time.
During these procedures, please be aware that on a client machine:
z web.Client Utilities Control must be installed before a user can log

on to web.Client for the first time. (See Installing the web.Client
Utilities Control.)
z .NET Framework 2.0 must be installed before a user can bring up
the web.Client Home screen in a browser for the first time. (See
Installing Microsoft .NET Framework 2.0.)
z web.Client Pinpoint must be installed before a user can open a
graphic for the first time. (See Installing web.Client Pinpoint.)
z The Schneider Electric Video Layout Control (and .NET
Framework 3.0, which is required for the Video Layout Control)
must be installed before a user can open a video layout for the first
time. (See Installing the Video Layout Control and .NET
Framework 3.5.)
Note: All web.Client users must have a password to log in. web.Client users are
created in CyberStation.
web.Client features must be unlocked at another CyberStation for the test

user, so that the user can log on to web.Client and perform all the necessary
feature tests.

Launching Internet Explorer in Windows 7

If any of your client users has a Windows 7 client machine, they must
launch Internet Explorer, as follows.
Note: Skip this procedure if your client users have Windows XP or Sever 2003;
proceed to Installing the web.Client Utilities Control.
1. Launch Internet Explorer as user Administrator, in one of the

following ways:
Right click the Internet Explorer icon in your tool tray, and select Run
as administrator.
Via Program Files in your Start menu, right click the Internet
Explorer menu selection, and select Run as administrator.
Note: Your users need only perform this step once in order to install
ActiveX components and web.Client Pinpoint. Once they do so,
they can run web.Client as that user (it is profile dependent)
without being asked to specify the administrator account or run
IE as administrator.
2. From the Internet Explorer Tools menu, select Internet Options.
3. In the Internet Options dialog, select the Connections tab, and

click LAN Settings.
4. In the Local Area Network (LAN) Settings dialog, make sure

the Automatically detect settings checkbox is cleared.
5. Click OK.

Installing the web.Client Utilities Control

Before you can log on to web.Client, you must install the web.Client
Utilities Control. This is done automatically. Follow this procedure:
1. Launch Internet Explorer.
2. Enter the following URL web address:

https://MachineName/VirtualDirectoryAlias
where MachineName is the name of the computer where you

installed web.Client and Continuum.
See Chapter 3, Installing and Configuring web.Client on the IIS

PC.
You must enter https:// if you have installed an authorized SSL

Certificate on the IIS PC. If this is not an SSL server, then you
would enter http://. Version 1.74 (and higher) fully supports SSL,
which accommodates client-server exchanges of confidential
information. (See Establishing SSL Support for Confidential
Information in Chapter 3.)
The VirtualDirectoryAlias was entered in the Enter Text

screen of the installation procedure. Enter the name you supplied.
If you did not change the default name, enter WebClient. For
example:
https://SiteServer1/WebClient
Note: You must use Internet Explorer 8.0 or Internet Explorer 9.0.
A Security Warning dialog appears, prompting you to install the

web.Client Utilities Control.
Note: If the IIS server does not have Internet connectivity, it may take between 30
and 90 seconds for this installation prompt to appear.
Note: The web.Client Log On screen, shown on the next page, appears in the
background, beneath this Security Warning dialog, but you cannot enter your
user name and password until the web.Client Utilities Control is installed.
3. Click the Yes button (or the Install button on Windows XP) on the
Utilities Control Security Warning dialog to begin the

installation. Installation of the Utilities Control happens

automatically, in a few seconds.
If you are upgrading from Version 1.73 to 1.94, go to the next step.
If you are upgrading from Version 1.74 or 1.94, go to Step 4.
4. If you are upgrading from Version 1.73 to 1.94, a dialog appears,

asking you to close and restart Internet Explorer. Do so now. After
you restart Internet Explorer, enter the same URL you entered in
Step 1.
5. On the web.Client Log On screen, enter your user name and

password.
Installing Microsoft .NET Framework 2.0

web.Client operates in a .NET Framework environment. As you log on
for the first time, if you do not already have Microsoft .NET Framework
2.0, you are asked to install it at this time. The Microsoft .NET
Framework 2.0 Setup dialog guides you through an easy procedure:
1. At the Welcome to Microsoft .NET Framework 2.0 Setup

window, click Next. The End-User License Agreement window
appears.

2. Check the I accept the terms of the License Agreement

checkbox, and click Install.
A Setup progress-bar, followed by the Installing components
window, appears while the installation is configured and
components are installed. This may take a several minutes. Please
wait.
3. When .NET Framework 2.0 is installed successfully, the Setup

Complete window appears. Click Finish.
.Microsoft .NET Framework allows the system to accept configurations

that include firewalls.
Installing web.Client Pinpoint

Before your users can bring up a file in a web.Client Pinpoint window
for the first time, they must install the web.Client Pinpoint graphics
application.
At least 4 MB of disk space are needed for web.Client Pinpoint. (See

also Appendix B, web.Client Applications that Are Installed.)
It is recommended your users install this application after bringing up

the Home screen for the first time.
Perform the following procedure:
1. Select Graphics from the navigation filter dropdown menu.
2. In the navigation pane, explore and search for a list of graphic

paths, and click the name of the graphic file you want. A Security
Warning dialog appears, prompting you to install the file,
msxml4.cab.
3. Click the Yes button (or the Install button on Windows XP) to
install the file. Another Security Warning dialog appears, asking
if you want to install and run the WebClient Pinpoint graphics
package.
4. Click Yes to launch the Install Shield Wizard for WebClient

Pinpoint and begin the installation. Click Next.

5. A License Agreement window appears. Click Yes to accept the

terms of the license agreement.
6. At this time, web.Client Pinpoint files are installed.
The Setup Status window appears, displaying the progress of the

installation. When installation is complete, the InstallShield
Wizard appears. Click Finish to complete the installation process.
If your IIS PC Uses IIS 6.0 and Windows Server 2003, Windows Server
2008, or Windows 7
If your IIS PC uses IIS 6.0 and Windows Server 2003, Windows Server
2008, or Windows 7, be aware that IIS resources are recycled after a
long period of time (29 hours) by default. This means that your
web.Client Pinpoint windows, including web.Client itself, are
disconnected after this long period of time expires. Please take this into
account if your users need Pinpoint running continuously for more than
a day.
If you need to run Pinpoint continuously for more than 29 hours, you
may lengthen that time via the Windows Internet Information
Services (IIS) Manager. For a procedure on how do to this, please see
the section, Tip 8 - Changing IIS / Windows Server 2003 Resource
Recycle Time, in Appendix A, web.Client Security and Troubleshooting
Tips.
Installing the Video Layout Control and .NET Framework 3.5

Before your users can bring up a web.Client video for the first time,
they must install the Schneider Electric Video Layout Control. They
may also have to install Microsoft .NET Framework 3.5, which the
Video Layout Control also requires for its operation.
It is recommended your users perform these installations after

bringing up the web.Client Home screen for the first time.
After .NET Framework 3.5 is installed, both versions 2.0 and 3.5 reside
on the client machine.)

Note: The video feature requires network access to a digital video recorder. This may
require you to open port 18772 or establish a Virtual Private Network (VPN)
connection if there is a firewall.
At least 72 MB of disk space are needed for the Video Layout Control,
which comprises the file, WebClientVideo.cab, and .NET Framework
3.5. (See also Appendix B, web.Client Applications that Are Installed.)
To install the Video Layout Control and .NET Framework 3.5, perform
the following procedure:
1. From the navigation filter dropdown menu, select Video,
2. Explore and search for a list of video paths, and click the name of
the VideoLayout object you want.
A message appears, prompting you to install the file,

WebClientVideo.cab, as the first step in Video Layout Control
installation.
3. Click Install.
If you do not already have Microsoft .NET Framework 3.5 installed

on your computer, the InstallShield Wizard appears, asking you
to install it now. (If you are not asked to install .NET Framework
3.5, go to Step 5.)
4. Click Install.
Installation of .NET Framework 3.5 begins. A progress bar appears

in the InstallShield Wizard window.
Installation takes several minutes. Please wait.
5. When installation of .NET Framework 3.5 completes, the Welcome

to InstallShield Wizard for Schneider Electric Video Layout
Control window appears. Click Next.
6. The Ready to Install the Program window apperas. Click

Install.

7. The Installing Schneider Electric Video Layout Control

window appears with a progress bar. Please wait. When
installation completes, click Next.
8. The InstallShield Wizard Completed window appears.

Click Finish. Your video layout object appears.
Setting Browser “Zone” Permissions for .NET Framework

web.Client operates in a Microsoft .NET Framework 2.0 environment.
Microsoft’s Internet Explorer has various browser “zones” (for example,
the Internet zone, Local Intranet zone, and Trusted zone). Each zone
requires different user permissions settings.
On the client side, .NET Framework 2.0 controls do not run in the IE
browser’s Internet or Trusted zone with their default permission
settings. Therefore, users must add full trust to these zones.
On each client machine, you can do so in one of the following two ways:
z Download and install the Microsoft .NET Framework Software

Development Kit (SDK) 2.0, available from Microsoft, and set zone
permissions.
z Run the Microsoft Code Access Security Policy tool, Caspol.exe
Download and Install .NET Framework SDK 2.0
Download the Microsoft .NET Framework SDK 2.0. This is available

from Microsoft, http://www.microsoft.com/downloads/.
Then perform the following procedure to set zone permissions:
1. From the Windows Control Panel, open Administrative Tools.

The Administrative Tools dialog appears.
2. In the Administrative Tools dialog, double click Microsoft .NET

Framework 2.0 Configuration.
The .NET Configuration 2.0 dialog appears.

3. In the tree, expand Runtime Security Policy, Machine, Code

Groups, All_Code, until all code groups are listed.
4. Depending on which zone is running, right click on Trusted_Zone

or Internet_Zone and select Properties from the popup menu.
The Trusted_Zone Properties dialog (or Internet_Zone

Properties dialog, respectively) appears.
5. Click the Permission Set tab, and from the Permission set
dropdown menu, select FullTrust.
6. Click OK or Apply
You can also change the default permission set or create a new
permission set that has the following specific permissions.
z Security - Enable Assembly execution

z User Interface - Grant assemblies unrestricted access to user
interface elements.
z Web Access - Grant assemblies unrestricted access to user
interface elements.
Run the Microsoft Code Access Security Policy Tool
As an alternative, you can add full trust to the zones by executing the
Microsoft Code Access Policy tool (caspol.exe) located in:
C:\Windows\Microsoft.NET\Framework\v2.0.50727\
To add full trust to the Internet zone in .NET Framework 2.0, execute
the following:
caspol.exe -m -addgroup Internet_Zone -zone InterNet FullTrust

-name FullTrust
To add full trust to the Trusted zone in .NET Framework 2.0, execute
the following:
caspol.exe -m -addgroup Trusted_Zone -zone Trusted FullTrust

-name FullTrust

Server Proxy Applications

There are some applications that are displayed during a web.Client
session, including:
z ACWebServerProxy, installed with web.Client, displays a

window, shown below, that logs all users who are logged on to
web.Client. It runs automatically on the server after the first user
logs on the web site. It must not be manually closed.
z ACWPPServerProxy is used exclusively for web.Client Pinpoint.

Like the ACWebServer Proxy, it runs automatically on the server
and must not be manually closed.
z Schneider Electric XML Automation server
CAUTION
Manually closing the ACWebServerProxy
Do not manually close the ACWebServerProxy window.
If anyone manually closes the ACWebServerProxy window, all users
are disconnected from the application.

Logging Out of web.Client

When a user logs onto web.Client, one of the client licenses is reserved
for that user to use. When a user wishes to end the web.Client session,
he/she must log out in order for that client license to be released and
made available for another user to log on and use.
CAUTION
Closing sessions without logging out
Users should not close their sessions without logging out.
If the session is closed without logging out, the client license will not
be available for a different user until after the timeout period has
expired.


Chapter 5
Using web.Client to Set Up
Your Organization
z Overview
z web.Client Security Basics
z Scenario 1: A Single-Building Company
z Scenario 2: A Global Company

Chapter 5: Using web.Client to Set Up Your Organization
Overview
Having installed and tested web.Client version 1.94 on an Internet
browser, you are now ready to use this powerful, web-based facility
management tool. For example, web.Client can distribute personnel
records, view and edit schedules and points, integrate video, display
live events, provide convenient access to reports for managers, monitor
BACnet loops, and download TrendLog records. (For complete
information, please see the web.Client online help.)
It is very important to plan for web.Client carefully. If you can start

planning for web.Client before the initial configuration of the facility
management system, implementation will be much easier.
Example: Building a Security Management System

This chapter provides a security example: building a security
management system. It simulates an access control / personnel
management system.
Throughout this process keep in mind that you will be creating

delegates to log on to web.Client and access the Continuum facility
management system.
Start by asking the following questions:
z Is the security installation contained within one building or are

there multiple facilities managed by one system?
z Where are the facilities located?
z Who are the security delegates that will administer the personnel
records?
z What personnel records do the security delegates have authority to
administer?
z What are the areas of which the security delegates have control?
z Can personnel records be placed in logical groups?
Based on the answers to the above questions, you will have to decide:
z What folders will need to be created in CyberStation?

z What Folder and Device Level (FDL) security should be used for
these folders?
z What group level security should the security delegates have to
limit their ability to view only certain object classes or perform only
certain tasks?
z What object level security should be set up to limit the security
delegate to specific groups of objects?
This chapter details two scenarios in which the above questions were
answered and decisions were made on how to set up the Continuum
system. Use these examples to aid in planning for your scenario.
web.Client Security Basics

To utilize web.Client effectively, Continuum security will be applied to
the users who have access to web.Client, to limit their view and actions.
Since CyberStation allows a user to be configured with just a user
name and no password, only CyberStation users with both a user name
and password can log onto web.Client. This is achieved by configuring
the Continuum system security at one of the workstations (not on the
IIS Server).
On this workstation, you will be creating the following:
Security groups: Define these by right-clicking on the Continuum

icon in your tool tray, and selecting Security from the popup menu.
This invokes the Security Editor, where you can edit “user-level”
security. web.Client has its own set of object-class security keys for
security groups to utilize. Using security groups, you can assign each
group overall access to an object class by “unlocking actions”. That is, if
the web.Client class object has unlocked, “Alarms” permissions set for a
security group, then the security group may view every alarm in the
entire Continuum system. If a class and action is “unlocked” by a
security group, only a security level may override it. Many users can be
assigned to the same security group.
Security levels: Security levels do not exist in the Continuum system

by default, they must be created. Security levels are used to apply
“object-level” security, to override permissions granted by security

groups, and can only be used to deny a permission granted by security

groups. Security levels cannot be used to grant permissions denied by
security groups. They may be applied to individual objects (for example,
an area called “Engineering”) or to a folder with many objects. When a
security level is applied to a folder, all the contents of the folder,
including subfolders, are limited to that security level’s restrictions.
Since only one security level can be applied to an individual object or

folder, a security level must be defined to include all the restrictions
that will be applied. For example, the following security levels may be
required:
z Admin only
z Admin and Engineering Managers
z Admin, Engineering Managers, and Sales Managers
Folders: Folders are used in the Continuum system to partition, or

logically group objects in the database. For example, a folder may
contain all the areas in building 52. Folders make Continuum security
much easier to implement. Instead of individually applying security
levels to every object, a security level can be applied to the folder once
to set the appropriate security permissions.
Users: Users created with the Continuum system are assigned to one
or more security groups. Since a user may be a member of more than
one security group, security groups may be set up to focus on a small
set of permissions. Setting up security groups with a modular
approach, makes assignment of security groups to users much easier. If
a user is assigned to more than one security group with conflicting
permissions, the “unlocked” permissions take precedence and the user
will be granted the permission.
Object-Level Security: is accomplished by using an object class

called SecurityLevel. This class contains security permissions; these
permissions are part of the SecurityLevel object and may be (and
usually are) different than the default permissions.
SecurityLevel: Objects are used to create security permissions for

groups of objects (such as “Building52 Areas” or “Administration
Objects”). These permissions can then be attached to the appropriate
objects.

Folder and Device Level Security (FDL): provides the user with
the ability to apply a security level to a collection of child objects by
placing them in a folder (the parent) so that they inherit the parent’s
security level. When you configure security using FDL, consider the
following:
z Roles - Categories to which users can be assigned (for example,

Administration, Guard, Maintenance, and so on)
z Partitions - Divisions of the site into physical areas (for example,
Building A, Building B, and so on)
z Group names - The combination of roles and partitions (for
example, BldgAAdmin, BldgAGuard, BldgAMaint, and so on)
The number of groups is a product of the number of roles multiplied by

the number of partitions:
Number of Groups = (Number of Roles) x (Number of Partitions)
For example, a site with three roles and two partitions would have six
groups.
Note: CyberStation supports up to 1024 groups. If the number of groups (number of

roles multiplied by the number of partitions) exceeds 1024, then the number of
roles and/or number of partitions needs to be decreased.
Testing web.Client Security

After you configure security for your system, test all functional areas
for proper security permissions.
Log in as each user once and verify that the right areas are granted or
denied according to your configuration plan.

Scenario 1: A Single-Building Company

A single-building company would like to assign one security designee
per department. This person will be responsible for creating, editing,
and deleting department personnel, as well as assigning area
permissions and time schedules to their personnel. The administrative
designee (the Human Resources delegate) will have permissions to all
records and areas. The IT personnel need to be granted permissions to
all areas of the building so that they may work anywhere in the
building.
This section contains the following topics:
z How Is the Company Physically Divided?

z Who Are the Users?
z What Are the Security Levels?
z Setting Up web.Client in CyberStation
How Is the Company Physically Divided?

The company is divided into the following departments:
z Administrative
z Engineering
z Sales
z IT
The areas of the building are:
z Main lobby
z East stairwell
z West stairwell
z Fitness room
z Human Resources department
z Administrative offices
z Engineering lab

z Engineering Conference room

z Sales offices
The areas can be grouped as:
z Common areas: Main lobby, fitness room, east stairwell, west

stairwell
z Administrative areas: Human Resources department,
administrative offices
z Engineering areas: Engineering lab, engineering conference room
z Sales areas: Sales offices
Who Are the Users?

The following table lists the users in scenario:
Who Are the Users?

Name Description
HRDel Human Resources delegate with permissions to all personnel records
and areas
EngDel Engineering delegate with permissions only to engineering personnel
records and engineering and common areas
SalesDel Sales delegate with permissions only to sales personnel records and
sales and common areas
ITDel IT delegate with permissions only to IT personnel records and all areas
Since this setup requires that each delegate have different sets of
permissions, it requires four security groups (one for each user /
delegate). These groups will be: Admin, Eng, Sales, and IT (where the
HRDel serves as the Admin delegate).
Also, since only one security level can be applied per folder or object, it
is recommended that you create separate security levels for each folder.
This will make it easier to organize permissions specifically for the
contents of the folder.

What Are the Security Levels?

The following table lists the security levels in this scenario:

This security level… Is Unlocked for these Groups
CommonAreasSL All security groups
AdminAreasSL Administrative and IT groups
EngAreasSL Administrative, IT, and engineering groups
SalesAreasSL Administrative, IT, and sales groups
AdminPersonnelSL Administrative group
EngPersonnelSL Administrative and engineering groups
SalesPersonnelSL Administrative and sales groups
ITPersonnelSL Administrative and IT groups
Setting Up web.Client in CyberStation

For the scenario described above, it is recommended you set up
web.Client in Continuum CyberStation to have the following security
groups, personnel folders, area folders, security levels, and users.
Recommended Set Up
Security Groups Personnel Folders Area Folders Security Levels Users
Admin AdminPersonnel CommonAreas CommonAreasSL HrDel
Eng EngPersonnel AdminAreas AdminAreasSL EngDel
Sales SalesPersonnel EngAreas EngAreasSL SalesDel
IT ITPersonnel SalesAreas SalesAreasSL ITDel
AdminPersSL
EngPersSL
SalesPersSL
ITPersSL

Scenario 2: A Global Company

In a global company, you would like to assign one security designee per
company location. This person will be responsible for creating, editing,
and deleting personnel, as well as assigning area permissions and time
schedules to their location’s personnel.
There will also be a global administrator (GlobalViewer) who will have

permissions to view all records and areas. This user may not create,
edit, or delete records.
For traveling employees who do not have a particular location, there is

another global administrator (GlobalPersonnelAdmin). This person can
create, edit, and delete the personnel records of these people in
particular, but they cannot assign access to any areas.
Lastly, local administrators can grant area permissions to the traveling

employees, but they may not create, edit, or delete their records.
This section contains the following topics:
z What Are the Company Personnel Groups?

z Where Are the Company Facilities Located?
z Who Are the Users?
z What Are the Security Levels?
z Setting Up web.Client in CyberStation
What Are the Company Personnel Groups?

The company is divided into the following personnel groups:
z Andover personnel
z England personnel
z France personnel
z Germany personnel
z Hong Kong personnel
z Mexico personnel

z Global personnel (the traveling personnel)
Where Are the Company Facilities Located?

The locations of the company facilities are, as follows:
z Andover
z England
z France
z Germany
z Hong Kong
z Mexico
Who Are the Users?

The following table lists the user names in this scenario:
Who Are the Users?

Name Description
AndoverAdmin Andover delegate with permissions to all Andover personnel records and areas, also
has permissions to view global personnel and assign Andover area permissions to
them.
EnglandAdmin England delegate with permissions to all England personnel records and areas,
also has permissions to view global personnel and assign England area permissions
to them.
FranceAdmin France delegate with permissions to all France personnel records and areas, also
has permissions to view global personnel and assign France area permissions to
them.
GermanyAdmin Germany delegate with permissions to all Germany personnel records and Areas,
also has permissions to view global personnel and assign Germany area
permissions to them.
HongKongAdmin Hong Kong delegate with permissions to all Hong Kong personnel records and
areas, also has permissions to view global personnel and assign Hong Kong area
permissions to them.
MexicoAdmin Mexico delegate with permissions to all Mexico personnel records and areas, also
has permissions to view global personnel and assign Mexico area permissions to
them.

Who Are the Users? (continued)

Name Description
GlobalPersonnelA Global delegate with permissions to all global personnel records but not to areas, so
dmin he/she cannot assign area permissions to global personnel.
GlobalViewer Global delegate with permissions only to view all personnel records and areas.
Since this setup requires that each delegate have different sets of
permissions, this scenario requires eight administrative groups (one for
each user / delegate).
These groups will be: Andover Administrator, England Administrator,

France Administrator, Germany Administrator, Hong Kong
Administrator, Mexico Administrator, Global Personnel Administrator,
and Global Viewer.
Also, since only one security level can be applied per folder or object, it
is recommended to create separate security levels for each folder. This
will make it easier to organize permissions specifically for the contents
of the folder.

The following table lists the security levels in this scenario:

This security level… Is Unlocked for this Group1
AndoverAreaSL Andover administrator group
EnglandAreaSL England administrator group
FranceAreaSL France administrator group
GermanyAreaSL Germany administrator group
HongKongAreaSL Hong Kong administrator group
MexicoAreaSL Mexico administrator group
AndoverPersonnelSL Andover administrator group
EnglandPersonnelSL England administrator group
FrancePersonnelSL France administrator group
GermanyPersonnelSL Germany administrator group
HongKongPersonnelSL Hong Kong administrator group

What Are the Security Levels? (continued)

This security level… Is Unlocked for this Group1
MexicoPersonnelSL Mexico administrator group
GlobalPersonnelSL Global personnel administrator group
1. All Security Levels will also be unlocked for the Global Viewer with the excep-
tion that the keys (in the security settings) will be locked for the change, edit,
create, and delete functions.
Setting Up web.Client in CyberStation

The web.Client setup in Continuum CyberStation for this scenario is
recommended to have the following security groups, personnel folders,
area folders, and security levels.
Recommended Setup
Security Personnel Area Folders Security Levels Users
Groups Folders
Andover AndoverPersonnel AndoverAreas AndoverAreaSL AndoverAdmin
Administrator EnglandPersonnel EnglandAreas EnglandAreaSL EnglandAdmin
FrancePersonnel GermanyAreas FranceAreaSL FranceAdmin
England GermanyPersonnel HongKongAreas GermanyAreaSL GermanyAdmin
Administrator HongKongPersonnel MexicoAreas HongKongAreaSL HongKongAdmin
MexicoPersonnel MexicoAreaSL MexicoAdmin
France GlobalPersonnel AndoverPersonnelSL GlobalPersonnel
Administrator EnglandPersonnelSL Admin
FrancePersonnelSL Global Viewer
Germany GermanyPersonnelSL
Administrator HongKongPersonnelSL
MexicoPersonnelSL
Hong Kong GlobalPersonnelSL
Administrator
Mexico
Administrator
Global Personnel
Administrator
Global Viewer

Appendix A
web.Client Security and
Troubleshooting Tips
This appendix contains the following topics:
z Tip 1 - Ensuring Full System Access for at Least One User

z Tip 2 - Placing PIM Files in a Single Folder
z Tip 3 - Applying Security to non-web.Client Folders
z Tip 4 - Verifying DCOM Is Enabled
z Tip 5 - Enabling the Default Document
z Tip 6 - Understanding Security Ramifications for IIS Applications
z Tip 7 - Be Sure that IIS Is Installed before .NET Framework
z Tip 8 - Changing IIS / Windows Server 2003 Resource Recycle Time

Appendix A: web.Client Security and Troubleshooting Tips
Tips
This appendix provides some tips for keeping your web.Client system
secure and for troubleshooting some common problems that may arise.
CAUTION
To perform the Microsoft-related procedures, you must have administrative experience
using Microsoft system software and understand that there are differences in the
graphical user interfaces between different Windows platforms. User-interface
configuration.
Tip 1 - Ensuring Full System Access for at Least One User
To protect your Andover Continuum system, reserve user security

groups 1 and 128 (or the highest-numbered user security group your
site uses) to have all keys unlocked for all classes. Do this for the “base-
level” security and all “object-level” security (security levels).
Note: Although it is unlikely you would use all of them, CyberStation provides a
maximum of 1024 user security groups.
Be sure at least one user is assigned to both the first and your highest-
numbered security groups. This ensures that at least one user will have
full access to the system in case of an inadvertently locked action.
Tip 2 - Placing PIM Files in a Single Folder
If the Personnel Information Manager (PIM) is being used, the PIM

requires that all personnel records exist in a single folder under the
Root.

Tip 3 - Applying Security to non-web.Client Folders
When adding new personnel using web.Client, the New Person dialog
displays all of the CyberStation system folders for which that logged-on
user has permissions to view.
Schneider Electric recommends that you apply a security level to all

folders not used by web.Client users (the folders that do not include any
personnel, areas, or numerics used by schedules) so as to prevent
personnel from inadvertently being placed in the wrong folder.
1. Create a security level at a CyberStation workstation and call it

“NonWebClient”.
2. Unlock permissions only for CyberStation workstation users. Keep

the columns reserved for web.Client security groups locked.
3. Apply this new security level to all folders without personnel,

areas, or numerics (used by schedules).

Tip 4 - Verifying DCOM Is Enabled
To verify that DCOM is enabled properly, perform the following

procedure.
For Windows XP Professional and Windows Server 2003
1. From the Windows Start menu, select Run. The Run dialog
appears.
2. Enter dcomcnfg. The Component Services dialog appears.
3. In the explorer tree, expand Component Services, and right click

on My Computer.
The My Computer Properties dialog appears.
4. Select the Default Properties tab.
5. Verify that the Enable Distributed COM on this computer

checkbox is checked.
See also Configuring DCOM Default Security Settings
Tip 5 - Enabling the Default Document
Perform the following procedure to ensure that the default document

on the web.Client virtual directory is set.
1. From the Start menu, select Settings Control Panel.
2. From the Control Panel, select Administrative Tools. The

Administrative Tools dialog appears.
3. From the Administrative Tools window, click Internet Services

Manager. (or Internet Information Services on Windows XP
and Server 2003). The Internet Services Manager dialog
appears.
4. In the left-hand explorer tree pane of the Internet Information

Services dialog, expand the directories beneath the computer icon
that is the name of the computer on which you are working.

5. Expand the directory name, Default Web Site. (On Windows XP

and Windows Server 2003, expand Web Sites, then Default Web
Sites.)
Note: There is a virtual directory under the default web site that is used for
web.Client, and by default it is called “WebClient”. During the installation of
web.Client, this directory name can be changed.
6. Right click on the WebClient directory, and select Properties.
Note: If you are unsure which directory it is, click them, one at a time, to list the
contents in the right-hand pane. The web.Client virtual directory will have two
ACCWebMgr files in the list in the pane.
7. The WebClient Properties dialog appears. Select the

Documents tab.
8. Ensure that the Enable Default Document checkbox is checked.
9. Click OK to close the WebClient Properties dialog and the

Internet Information Services dialog.
Tip 6 - Understanding Security Ramifications for IIS Applications
Launching an OLE or COM object requires certain permissions. This is

normally not an issue for most interactive users because the default
permissions for launching and accessing OLE and COM objects allow
access to anyone logged onto the local machine interactively. An IIS
application, whether it is running in the context of the
IUSR_<servername> account or an impersonated user account from
Basic or NTLM authentication, is not interactively logged on.
Therefore, the default permissions for launching and accessing OLE
and COM objects will not allow an ISAPI extension DLL, CGI
application, or Internet script to launch these objects successfully by
default.
The utility DCOMCNFG allows you to set the default permissions for
*ALL* COM and OLE objects on your machine. You can use this utility
to provide OLE and COM access to the IUSR_<servername> account as
well as all user accounts that might be impersonated by your IIS
configuration. You can even grant permissions to the “Everyone” group.

For more information on launching OLE servers from ISAPI

applications, refer to the Microsoft article on Security Ramifications
for IIS Applications. This article can be found at:
http://www.microsoft.com/windows2000/en/server/iis/htm/asp/
eadg4n77.htm?id=231.
Tip 7 - Be Sure that IIS Is Installed before .NET Framework
To avoid problems opening web.Client Pinpoint graphics, be sure that

IIS has been installed on the server before Microsoft .NET Framework
2.0 is installed. If Microsoft Windows already comes with .NET
Framework 2.0, or you have downloaded .NET Framework 2.0
separately during a Windows upgrade before IIS is installed, perform
the following:
For Windows XP Professional or Windows Server 2003 run the

following command:
C:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe -i
Refer to Chapter 2, System and Pre-Installation Requirements. and

Chapter 3, Installing and Configuring web.Client on the IIS PC.
Tip 8 - Changing IIS / Windows Server 2003 Resource Recycle Time
If your IIS PC uses IIS 6.0 and Windows Server 2003, please be aware
that IIS resources are recycled after a long period of time (29 hours) by
default. This means that your web.Client Pinpoint windows, including
web.Client itself and other resources, are disconnected after this long
period of time expires. Please take this into account if your users need
Pinpoint and/or web.Client running continuously for more than a day.
You may lengthen this resource-recycle time via the Windows Internet
Information Services (IIS) Manager. On the IIS PC (Windows Server
2003) perform this procedure:
1. From the Windows Control Panel, double click and open

Administrative Tools. The Administrative Tools dialog
appears.

2. Double click and open Internet Information Services (IIS)

Manager. The Internet Information Services (IIS) Manager
dialog appears.
3. In the navigational directory, expand your local computer directory.
4. Expand the Application Pools directory.
5. Right click on DefaultAppPool, and from the popup menu, select

Properties.
The DefaultAppPool Properties dialog appears.
6. Select the Recycling tab.
7. Next to the Recycle worker processes (in minutes) checkbox,

which should be checked, notice the field displaying the default
number of minutes - 1740 minutes. This is equivalent to 29 hours.
8. To lengthen this time, use the field's up-arrow button to add

minutes. (Use the down arrow to subtract minutes.)
9. Click OK.
Your resources are now automatically disconnected when this new

time expires.


Appendix B
web.Client Applications that
Are Installed
This appendix lists the applications that web.Client installs on the

client PCs and the file size of each application.

Appendix B: web.Client Applications that Are Installed
Installed Applications
The following table lists the applications that web.Client installs on the
client PCs and the file size of each application.
Applications that web.Client Installs on the Client PCs

Installed
Application Description
web.Client Utilities This 60 KB application configures some internal settings that
Control are invisible to administrators and users. Required before user
logs on.
Microsoft .NET web.Client operates in a Microsoft .NET Framework 2.0
Framework 2.0 environment. The user installs.NET Framework 2.0 on the
client machine when web.Client is launched for the first time.
Be sure you have at least 22 MB of free disk space for .NET
Framework 2.0. For more information, refer to Installing
Microsoft .NET Framework 2.0
Schneider Electric When a user brings up a video layout in web.Client for the first
Video Layout time, he/she is prompted to install the Video Layout Control. As
Control and part of that installation, the user may also be prompted to
Microsoft .NET install .NET Framework 3.5, which the Video Layout Control
Framework 3.5 requires. The Video Layout Control and .NET Framework 3.5
make up the file WebClientVideo.cab.
Be sure you have at least 72 MB of free disk space. For more

information, refer to Installing the Video Layout Control and
.NET Framework 3.5
Adobe scalable This 5 MB application allows the client to view web.Client
vector graphics Reports. (See the web.Client online help.)
(SVG) viewer for
graphical reports.
web.Client Pinpoint This 4 MB application allows the client to view Pinpoint
(wPinpoint) graphics through web.Client.
web.Client Video This 2 MB application allows the client to view and play back
Control live and recorded video images through web.Client.

Appendix C
Guidelines for Upgrading to
Version 1.94
This appendix contains guidelines for upgrading web.Client to

version 1.94.

Appendix C: Guidelines for Upgrading to Version 1.94
Upgrade Guidelines
This appendix presents guidelines for upgrading web.Client to version
1.94. A quick procedure is provided below, but please refer back to the
procedures and requirements in Chapter 2, Chapter 3, and Chapter 4.
Refer also to the Andover Continuum CyberStation Installation Guide,
30-3001-720. As with any upgrade, it is good practice to ensure, before
you begin, that you have a known good backup of the database.
Note: web.Client version 1.94 supports Microsoft Windows Server 2003, in addition
to Windows XP Professional Workstation.
1. Upgrade your hardware security key to version 1.94
Depending upon the version of CyberStation you are running, you

may need to update your hardware security key to version 1.94. If
your CyberStation software is a pre-1.9 version (such as, v1.6, or
v1.81), you will have to upgrade your key to support v1.94.
If you are running version 1.9 or higher, however, you will not need
to update your security key; your key is already enabled to support
version 1.94.
2. Perform pre-installation tasks, and ensure your system meets the

minimum software and hardware requirements. (See Chapter 2,
System and Pre-Installation Requirements.)
3. Reboot your PC before inserting the version 1.9CD, and start the
web.Client Install program. Perform the installation over the
previous version’s application. Reboot your PC, when prompted.
Also refer to the procedure in Chapter 3: Installing web.Client on

the IIS PC.
4. After the installation procedure is complete, and you have rebooted

your machine, the database initialization procedure begins.
When the Database Initialization dialog appears, select the

Update Existing Database radio button to update the database.
Note: If you do not have the database engine, SQL Express, already installed, or if
you have an older version of the database engine, then SQL Express is
installed for you automatically during the database initialization process.

Refer to the procedures in Chapter 3: Initializing the Database on a

LAN IIS PC and Creating and Initializing the Database on a
Standalone IIS PC. See also, Appendix D, SQL Express Installation
Error Messages.
5. Follow these other configuration procedures from Chapter 3:

Configuring Access Permissions for web.Client Users
Configuring Your Video Servers
Windows Server 2003
Configuring Graphics Folders for web.Client: Windows Server 2008
and Windows 7
Configuring DCOM Default Security Settings
Disabling HTTP Keep-Alives
Establishing SSL Support for Confidential Information
Enabling SSL for web.Client
6. After installation is complete, and your users are ready to log onto
web.Client on their client-PC browsers, follow the procedures, as
needed, in Chapter 4, Testing and Installing web.Client on a Client
PC. Be sure your users reboot their browser PCs before logging on
to the upgraded IIS PC.
Note: During the web.Client installation, if a client machine does not already have
Microsoft .NET Framework 2.0 installed, a user must install it as he/she logs
on to web.Client for the first time. web.Client operates in a .NET Framework
environment.
When a user is logged onto web.Client and tries to bring up a video layout for
the first time, he/she may be prompted to install .NET Framework 3.0 on the
client machine, if it is not already installed. The web.Client Video Control
requires the client machine to have .NET Framework 3.0, just as web.Client
overall requires .NET Framework 2.0. For more information see Installing the
Video Layout Control and .NET Framework 3.5 in Chapter 4.
.NET Framework installation typically takes several minutes. If your

machine has a 9600 baud-rate modem, the process is longer. Please be
patient.


Appendix D
SQL Express Installation
Error Messages
This appendix contains the following topics:
z Overview
z SQL Express Installation Error Messages

Appendix D: SQL Express Installation Error Messages
Overview
This appendix provides a list of error messages that may appear if
certain problems occur during the installation of the database engine,
SQL Express. (SQL Express is installed or upgraded automatically on a
standalone system during the Continuum database initialization
process.)
During SQL Express installation, one of three things is detected on

your computer:
z There is no SQL Express at all. In this case, SQL Express is

installed automatically.
z MSDE 2000 is already installed as the database engine. In this
case, SQL Express is installed over MSDE 2000.
However, your computer is also checked for certain rare problems that
could complicate SQL Express installation and/or the creation or
update of the Continuum database.
For example, a third-party software vendor may already be using the

existing database engine. This creates license-agreement conflicts and
possible performance problems. To satisfy the software license
agreement, Continuum CyberStation must “own” the database engine.
In this case, it may be necessary to create another instance of SQL
Express for Continuum CyberStation and/or notify the software
vendor.
Using another example, the database may be configured incorrectly. In

this case, it may be necessary to re-create the Continuum database
during database initialization.
In a few cases, it may be necessary to contact your Technical Support

representative.
There are many variations of these special cases. If a problem arises,

you will receive an SQL Express installation error message that states
the problem and provides instructions for correcting it.

SQL Express Installation Error Messages

For every problem that may occur during SQL Express installation, one
of the following error messages appears. These messages are self-
explanatory:
An error occurred while upgrading or installing SQL Express on your

computer. Please contact your Technical Support representative for
further instructions.
We have detected an existing incorrectly configured version of SQL

Express, which cannot be upgraded. Installation has been halted.
Please uninstall this version manually, and rerun Continuum Database
Initialization. To uninstall, go to the Windows Control Panel, open
Add/Remove Programs, select "SQL Server 2005", and uninstall.
We have detected an incorrectly configured existing version of SQL

Express, which Continuum is already using. Another instance of SQL
Express will be installed now, and the existing Continuum database
will be attached to it automatically.
We have detected an incorrectly configured existing version of SQL

Express, which another software vendor is already using. According to
the Microsoft license agreement, Continuum cannot use this version of
SQL Express. We will now install another instance of SQL Express for
Continuum. After the SQL Express instance is installed, a reboot of
your computer is required.
Please note the new server name, "ServerName\ContinuumSE". Each
client workstation will need to have the server name adjusted
accordingly to include "\ContinuumSE". For example, a server formerly
named "MyServer" is now "MyServer\ContinuumSE".
Please use this new SQL Express instance for Continuum only. This
satisfies the conditions of the Microsoft license agreement.
We have detected that an existing version of SQL Express is already

installed on your computer. However, another software vendor, in
addition to Continuum, is already using this existing version. The
upgrade will continue, but we recommend you notify the software
vendor that it is using an SQL Express instance belonging to
Continuum and suggest that the vendor create its own instance of SQL
Express to avoid configuration incompatibilities, performance
problems, and license-agreement conflicts.

We have detected that your Continuum database is configured

incorrectly. To correct the problem, please call your Technical
Support representative after the database update for further
instructions.

Andover Continuum web.Client Planning
and Installation Guide
Document Number 30-3001-835
Version 1.94

30-3001-835 Webclient Planning and Installation Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

30-3001-835 Webclient Planning and Installation Guide

Uploaded by

Copyright:

Available Formats

Andover Continuum web.

All Rights Reserved

No part of this publication may be reproduced, read or stored in a retrieval system, or

This document is produced in the United States of America.

Andover Plain EnglishTM is a trademark of Schneider Electric.

Andover InfinetTM is a trademark of Schneider Electric.

All other trademarks are the property of their respective owners.

Title: Andover Continuum web.Client Planning and Installation Guide

web.Client Version 1.94

Schneider Electric part number: 30-3001-835

About this Manual ................................................................. 9

Chapter 1 Introduction to web.Client ................................................... 13

Chapter 2 System and Pre-Installation Requirements ........................ 21

Andover Continuum web.Client Planning and Installation Guide 5

Chapter 3 Installing and Configuring web.Client on the IIS PC ......... 57

Chapter 4 Testing and Installing web.Client on a Client PC .............. 115

Chapter 5 Using web.Client to Set Up Your Organization .................. 129

Andover Continuum web.Client Planning and Installation Guide 7

Appendix A web.Client Security and Troubleshooting Tips ................. 141

Appendix B web.Client Applications that Are Installed ......................... 149

Appendix C Guidelines for Upgrading to Version 1.94 .......................... 151

Appendix D SQL Express Installation Error Messages ......................... 155

What’s in this Manual

Andover Continuum web.Client Planning and Installation Guide 9

Note: Notes contain additional information of interest to the user.

Andover Continuum web.Client Planning and Installation Guide 11

This chapter contains the following topics:

Andover Continuum web.Client Planning and Installation Guide 13

web.Client is either added to a LAN Andover Continuum CyberStation

z Create, search for, edit, and delete personnel records

z View and generate reports of all access events, including area

z Create, run, and view graphical reports (class object Report),

web.Client User Documentation

Andover Continuum web.Client Planning and Installation Guide 15

A Typical System before web.Client

A Continuum system without web.Client consists of a database server

The following illustration shows what the administration of the typical

A Typical System Implementing web.Client

You can delegate security tasks to authorized personnel who then

In the administration of a web.Client system, for example, you would

Similarly, you could grant access rights to:

z An employee to adjust the temperature after viewing current

Andover Continuum web.Client Planning and Installation Guide 17

Differences between web.Client and CyberStation

web.Client Levels of Support

Andover Continuum web.Client Planning and Installation Guide 19

This chapter contains the following topics:

z web.Client Setup Configurations

Note: Before installing or upgrading to web.Client version 1.94, be sure the

Andover Continuum web.Client Planning and Installation Guide 21

web.Client Setup Configurations

z web.Client local area network (LAN) system

LAN system: The web.Client LAN system comprises a Continuum/

Standalone system: The standalone “single user” system with

The following table lists the maximum number of web.Client version

Maximum Number of web.Client 1.94 Users Per Server

Hardware and Software Requirements for LAN System

z Continuum/SQL database server

z Windows XP Professional workstation (maximum of two users)

Andover Continuum web.Client Planning and Installation Guide 23

The IIS server must be on a network that can connect to the

web.Client version 1.94 will upgrade any previous version on IIS

z Chapter 3, Installing and Configuring web.Client on the IIS PC