Summary
This internal document is intended for use by IDX staff implementing Version 4.06 or 4.07 installations of the Web Framework.
This document describes how to use Microsoft Active Directory (AD), a feature of Windows 2000 Server, to deploy Web Framework-related controls to computers in a “locked-down” environment. In a locked-down environment, an end user cannot install software on a client PC.
Using Active Directory to
Install Client-Side Web
Framework Components
IDXR
6/11/04 For Internal Use Only © 2004 IDX Systems Corporation All Rights ReservedAcknowledgments
Prepared by the Web Technologies Team. Please send any feedback to documentation@idx.com.
Copyright Notice
Copyright © 2003-2004 IDX Systems Corporation. All rights reserved. This document is protected by the copyright laws as an unpublished work.
Confidentiality and Proprietary Rights
This document is the confidential property of IDX Systems Corporation (IDX). It is furnished under an agreement with IDX and may only be used in accordance with the terms of that agreement. The use of this document is restricted to customers of IDX and their employees. The user of this document agrees to protect the IDX proprietary rights as expressed herein. The user further agrees not to permit access to this document by any person for any purpose other than as an aid in the use of the associated system. In no case will this document be examined for the purpose of copying any portion of the system described herein or to design another system to accomplish similar results. This document or portions of it may not be copied without written permission from IDX. The information in this document is subject to change without notice.
No part of this document may be reproduced in any form, by photostat, microfilm, xerography, or any other means, or incorporated into any information retrieval system, electronic or mechanical, without the written permission of the copyright owner. Inquiries regarding permission for use of material contained in this document should be addressed to:
IDX Systems Corporation 1400 Shelburne Road Burlington, VT 05402
IDX would like to remind its customers that there may be legal, ethical, and moral obligations for medical care providers to protect sensitive patient information when dealing with vendors such as IDX. Before customers allow IDX to access confidential patient information from the customers’ data processing systems, they must obtain the written consent of the patient. In addition before disclosing confidential information to IDX, customers should obtain the explicit written consent of IDX. Please direct any questions concerning these matters to the IDX Legal Department.
Trademarks
IDX®, IDXtend®, LASTWORD®, and IDXtendR
™ are trademarks or registered trademarks of IDX
Systems Corporation. All other brand and product names are trademarks or registered trademarks of their respective companies.
Contents
Using Active Directory to Install Client-Side Web Framework
Components ... 4
Introduction ...4
Prerequisite Software and Conditions...4
Enabling MSI Distribution on Client Machines ...4
Setting Up an MSI Package for Initial Client Distribution ...4
Setting Up an MSI Package for Automatic Upgrade ...5
IDXR
6/11/04 For Internal Use Only © 2004 IDX Systems Corporation All Rights ReservedUsing Active Directory to Install Client-Side Web Framework
Components
Introduction
In a locked-down environment, an end user cannot install software on a client PC. In a locked-down environment, Web Framework components are distributed using:
MSI packages: The Web Framework installation process delivers Microsoft System Installer (MSI) packages, which contain the client-side ActiveX controls and other components required to run the Web Framework. An IDX staff member (or Framework upgrade process) provides upgraded MSI files.
Active Directory (AD): This feature of Windows 2000 Domain Controller creates a controlled environment, or domain. (This step is not covered in this document.) AD also publishes MSI files to the domain. Each computer in the domain can
automatically “pull” new software and install it behind the scenes upon login. This process ensures proper installation and upgrade of client-side ActiveX controls without manual installation or disruption to the end user.
Note: This process can be used for Active Directory installations at the computer level only (not at user level). In Web Framework version 4.07 only, MSI files can optionally be installed manually by an administrator.
Prerequisite Software and Conditions
The following software and conditions must be in place before you continue with the procedures described in this document.
The Framework and product web servers must have Windows 2000 Domain Controller installed with the Active Directory enabled.
Active Directory domain member machines must be identified.
Client machines must be set up in the domain without administrative privileges.
MSI packages. The MSI files (IDXWebFrameworkControls.msi and
WebXContextlets.msi) are delivered by the Framework installation to
c:\IDXPrograms\Web Framework by default.
Enabling MSI Distribution on Client Machines
For machine-based deployment (recommended), no special steps are required to prepare the client machines.
Important: Users must log out and into the Domain after each distribution or upgrade.
Setting Up an MSI Package for Initial Client Distribution
Follow these steps to distribute your MSI package(s). Controls are installed on domain computers upon login to the domain.
1. Place the .msi file on a public share on the network.
2. In Active Directory, access Active Directory Users and Computers. 3. Create a new Group called "IDX Distribution".
4. In the properties for the new group, go to Group Policy Tab. 5. Click New and enter a new policy name named "IDX ControlPolicy" 6. Click Edit.
7. Under Computer Configuration/Software Installation, click New/Package and open the .msi file from the network share.
8. In the Publish Dialog click Assigned and click OK.
Setting Up an MSI Package for Automatic Upgrade
Follow these steps to distribute your new MSI package(s) after upgrading the Web Framework. Controls are installed on domain computers upon login to the domain.
1. Replace the .msi file with its upgraded version on the public share on the network. 2. In Active Directory, access Active Directory Users and Computers.
3. Find the Group called "IDX Distribution".
4. In the properties for the new group, go to Group Policy Tab. 5. Click on the policy name "IDX ControlPolicy".
6. Click Edit.
7. Under Computer Configuration/Software Installation, click on the existing package and click Remove.
8. On the Remove Software dialog click Immediately remove the software from users and computers.
9. Under Computer Configuration/Software Installation, click New/Package and open the .msi file from the network share.
IDXR
6/11/04 For Internal Use Only © 2004 IDX Systems Corporation All Rights ReservedRequired Client Files
Several files need to exist on a client machine accessing the Web Framework. In most cases, the Framework will automatically install these files when needed, using the browser software. However, in the case where client machines are “locked down” (denied administrator privileges) it is necessary to install these files by another means.
A client install kit intended to install all necessary files, should contain the following files from the IDX Web Framework:
Kit file Description
IDXWF/Context/IDXBrowser ActiveX control that ties into IE to suppress browser toolbars. Installs the files IDXIEController.DLL and IDXBrowserLink.DLL in the windows\Downloaded Program Files IDXWF/Context/IDXKrb ActiveX control for Kerberos security
plugin. Installs the following files: • windows\Downloaded Program Files\IDXKrb.DLL • windows\system(32)\ krb5_32.dll • windows\system(32)\ comerr32.dll • windows\krb5.ini • windows\krb5.conf • windows\system(32)\ krbcc32.dll IDXWF/Context/IDXLauncher ActiveX control for launching Windows
apps. Installs the file
windows\Downloaded Program Files\ IDXLauncher.DLL.
IDXWF/Context/IDXTools ActiveX control for timeout support installs the files windows\system(32) \IDXSyswatch.DLL and
windows\Downloaded Program Files\IDXTools.dll.
IDXWF/Context/IDXWFCB ActiveX control for clearing clipboard. Installs the file windows\Downloaded Program Files\ IDXWFCB.DLL.
IDXWF/Context/IDXWFCC ActiveX control for CCOW Patient
support. Installs the file windows\Downloaded Program Files\IDXWFCC.dll.