ABELDent Setup Conventions PDF
Contents
1. Password never expires C Account is disabled 6 The user would then be added to the ABELDent Users OU To add them to the ABELDent Users group start by double clicking on the new username clicking on the Member Of tab clicking in the Add button typing in the group name clicking on the Check Names button and OK ABELDent Setup Conventions Page 12 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions New Username Properties eS o x File Action View Help Remote control Remote Desktop Services Profile 1 COM e alm 6 General Address Account Profile Telephones Organization Member Of Dialin Environment Sessions I Active Directory Users an p D Saved Queries Member of 4 4 ABELDent local Name Active Directory Domain Services Folder p Builtin Domain Users ABELDent local Users b Computers E Domain Controlle p 5 ForeignSecurityPrit b Managed Service b D Users Select this object type 3 ABELDent Users Groups or Builtin security principals From this location ABELDent local Enter the object names to select examples ABELDent Users Primary group Set Primary Grou lt On a small standalone or peer peer network with a Windows 7 or Windows 8 based file server the steps would be similar only they will be performed under computer Management Right click on My Computer select2. e Create an account for ABEL to use if they have to log in to provide support for the product Please contact ABEL directly to provide the username and password Make sure that the ABEL user has dial in permissions and is part of the users group e Set the display resolution to at least 1280 x 1024 e Install the most recent operating system service pack and all critical patches and hotfixes from Microsoft e Turn off any CPU power savers Display power savers should be fine but refrain from using third party screensavers Turn off Hibernation e Install the latest drivers for all printer s and any other devices or peripherals e Install and configure any required agents drivers and programs to facilitate the backup ABEL recommends Internet based backups or backups to removable hard disks o Encryption is strongly recommended for backups to removable media Make sure more than 1 person knows any required passwords and that encryption keys or certificates are stored safely on site and off and that at least 2 people know where these are o If backing up to a local disk Perform a Full System backup with System State o Data only backups This will have to be setup after ABELDent is installed ABEL recommends that the ABELDent folder and its sub folders be backed up SQL backup files will also need to be backed up unless you are using an online backup agent with an SQL plug in o A backup schedule can also be set Most customers will h
3. 139 Microsoft DS 445 NetBIOS 137 NetBIOS 138 SSL 443 RDP 3389 Backup software installed configured to backup 1 Application data 2 Security credentials 3 Log audit files Backup and archive files are encrypted go SI ga alg Sa SS fe Anti Virus software installed No conflict between ABELDent and installed antivirus software VPN software installed configured Uninterruptable Power Supply 1 Setup 2 Software installed Physical security of server desktop verify that ABELSoft s security and auditing checklist has been completed as indicated above IT Technician Name IT Technician Signature ABELDent Setup Conventions Page 25 of 25 Last updated March 6 2014
4. a Inthe right pane right click AnnounceFlags and then click Modify b In Edit DWORD Value type 5 in the Value data box and then click OK Enable NTPServer To do this follow these steps Locate and then click the following registry subkey HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time TimeProviders NtpServer a Inthe right pane right click Enabled and then click Modify b In Edit DWORD Value type 1 in the Value data box and then click OK Specify the time sources To do this follow these steps Locate and then click the following registry subkey HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time Parameters a Inthe right pane right click NtpServer and then click Modify b In Edit Value type Peers in the Value data box and then click OK Note Peers is a placeholder for a space delimited list of peers from which your computer obtains time stamps Each DNS name that is listed must be unique You must append 0x1 to the end of each DNS name If you do not append 0x1 to the end of each DNS name the changes made in step 5 will not take effect Select the poll interval To do this follow these steps Locate and then click the following registry subkey ABELDent Setup Conventions Page 21 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time TimeProviders NtpClient SpecialPollinterval a Inthe right pane right click
5. System Resynching Boot Page File Crash Dump Disk 1 Dynamic System Reserved ABELDent_OS C 127 00 GB 350 MB NTFS 126 65 GB NTFS Online Healthy System Resynching Boot Page File Crash Dump Scp romo DVD D No Media H Unallocated I Mirrored volume 2 3 Backups In the event of data corruption hard disk failure or other failure that results in the loss of data ABELSoft would have to recover the client s most recent backup s ABELSoft users typically use the Backup Utility that is supplied with Windows Server or Windows client operating systems but ABELDent has the flexibility to work with most backup programs and backup services on the market should the customer prefer Detailed backup amp recovery procedures are provided in the ABELDent manual 2 4 Additional Technologies ABELDent has been designed work on the Microsoft Windows platform These platforms have many such features incorporated into the operating system The Windows platform also interoperates with many third party products both hardware and software that can be used to mitigate risk and protect data The level of fault tolerance can be configured to match the requirements of the health care provider In addition to hardware and software solutions there are many services available to help protect your Windows system These include such services as Online Data Backups as well as Remote Monitoring and Administration ABELSo
6. Active Directory Users and Computers 3 The Administrator right clicks on the ABELDent Users OU and selects New gt User from the pop out menus File Action View Help es 2m 4 6 XE B Bm tari I Active Directory Users and Com Name Type De p 2 Saved Queries 4 dq ABELDent local p D Builtin bp 5 Computers E Domain Controllers b 5 ForeignSecurityPrincipal gt a Managed Service Accour There are b Users Al ABELDent Users Delegate Control Move Find New Computer All Tasks r Contact View gt Group Cut InetOrgPerson Delete msimaging PSPs MSMQ Queue Alias Rename wee Refresh Poo Unit Export List Printer Create a Dranertier ABELDent Setup Conventions Page 11 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 4 Fills in the user s first name last name and username then click on next 2 Create in ABELDent local ABELDent Users First name New w E Last name Usemame Full name New Usemame User logon name ene User logon name pre Windows 2000 ABELDENT 5 The initial password would be entered by the administrator twice checking the option to force the user to change it on next logon before clicking on next and then Finish to create the user 2 Createin ABELDentlocal ABELDent Users Password seeeceee cm men V User must change password at next logon _ User cannot change password
7. Hm 5 Default Domain Policy C09999 ABELDENT LOCAL Policy Policy re Policy Setting 4 Computer Configuration D Enforce password history 24 passwords remembered 4 Policies bn Maximum password age 42 days gt Software Settings Lic Minimum password age 1 days 4 Windows Settings Gh Minimum password length 7 characters p 5 Name Resolution Policy Scripts Startup Shutdown 4 EN Security Settings 4 JEF Account Policies gt 3 Password Policy b E Account Lockout Policy gt GH Kerberos Policy p E Local Policies gt Gj Event Log b amp Restricted Groups gt E System Services gt D Registry p E File System b g Wired Network IEEE 802 3 Policies p Windows Firewall with Advanced Secur E Network List Manager Policies p Ea Wireless Network IEEE 802 11 Policies b E Public Key Policies p Software Restriction Policies p D Network Access Protection b Application Control Policies b amp IP Security Policies on Active Directory p Advanced Audit Policy Configuration b gly Policy based QoS p D Administrative Templates Policy definitions 4 p 5 Preferences 4 i User Configuration gt P Policies lt m gt ABELDent Setup Conventions Enabled Define this policy setting Keep password history for 24 ex passwords remembered Page 15 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions S
8. Manage expand System Tools Local Users amp Groups right click on Groups select New Group and then add the group and user in the same way as described above Add the user to the appropriate ABELDent Users group when finished On a small network such as this the user must be created identically on each workstation Usemame Full name New Usemame Password eeecccee creer L User must change password at next logon L User cannot change password C Password never expires C Account is disabled ABELDent Setup Conventions Page 13 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 3 2 Password Policies The following steps describe how to set the group policy to ensure password length amp complexity rules are enabled in Windows Server 2012 R2 OO NADU Click on the Windows Start button Search for Group Policy Management In Group Policy Management expand the tree view in the left column so you can see the Default Domain Policy directly below the domain name x File Action View Window Help e m a Bm 34 Group Policy Management 4 A Forest ABELDent local 4 34 Domains 4 Gj ABELDent local Default Domain Policy b E ABELDent Users b E Domain Controllers p LE Group Policy Objects p D WMI Filters b fe Starter GPOs p I Sites jE Group Policy Modeling Group Policy Management Contents p Name A Forest ABELDent local K Group Policy Results R
9. Such devices might be desirable on larger networks where threats from within the perimeter protection are more likely In such cases ABELSoft recommends the Windows Firewall included with all recent Microsoft operating systems The following has been found to work Product Results Workaround required Microsoft Windows Firewall Tested Client unable to get license Must open port 5093 UDP on server to subnet to allow clients to get license Norton Internet Security Limited testing in the field Must open port 5093 UDP on server to subnet to allow clients to get license ABELDent Setup Conventions Page 8 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 2 Recommendations to help Protect Data and Increase System Reliability One of the strongest advantages of operating on industry standard platforms such as Microsoft Windows based operating system on Intel or compatible hardware platforms is that there are many technologies available that can be leveraged to increase the reliability of your system reduce downtime and protect your data This section briefly discusses a few of these options that ABELSoft recommends that you consider implementing 2 1 Uninterruptable Power Supplies The risk of data loss in the event of a power outage that extends beyond the capacity of the battery to provide adequate power is mitigated by Windows built in ability to monitor power status
10. from each workstation and with each user account 1 5 Database 1 5 1 Microsoft Jet Database Although the SQL database is now our standard platform the Microsoft Access database JET database will continue to be supported for existing customers The JET database engine is installed along with older versions of ABELDent 1 5 2 SQL Server 2012 R2 SQL Server 2008 R2 For the SQL version of ABELDent install SQL Server 2012 R2 or SQL Server 2008 R2 and prerequisites NET Framework 3 5 before installing ABELDent Remember to install all Service packs and hotfixes for SQL Server ABELDent uses Windows authentication to authenticate with SQL Server The ABELDent installation will create the required databases and apply the required permissions for client workstations to access the data It also creates a shortcut under Start gt Programs gt ABELDent Administration to facilitate the creation of typical maintenance schedules and backup jobs Client Machine Setup 1 6 Windows 8 7 client machine 1 6 1 Setup Please conform to the following conventions when setting up Windows 8 7 client machines e We recommend using the NTFS file system e Setup TCP IP as the network protocol We normally configure TCP IP to obtain an IP automatically ABEL recommends a router with a firewall on all high speed internet connections If there is not a router Windows 7 will use Automatic Private IP Addressing APIPA ABELDent Setup Conventions Page 5 of 25 Last updat
11. ABELDent Platform Setup Conventions Introduction 1 1 Purpose of this document The purpose of this document is to provide prospective ABELDent licensees and their hardware vendors with the information that they will require to prepare for the installation and operation of ABELDent It will start with a brief overview of typical platforms and then provide specific information that will be required to configure an ABELDent ready platform The sections on configuration are moderately technical and intended primarily for the use of the hardware vendor or IT professional that will be configuring the system They are not detailed instructions it is expected that a competent IT professional will be familiar with these ubiquitous platforms and understand the conventions If your hardware vendor needs clarification on any of the points please have them call 1 800 267 2235 or email ABEL at idept abelsoft com We are happy to co operate and work with your hardware vendor to ensure that they get all the information required to get your system setup for ABELDent 1 2 General Platform Overview ABELDent runs on Microsoft Windows operating systems and the Microsoft SQL Server 2008 R2 database ABELDent is also available using the Microsoft Jet Access database ABELDent is designed to scale from small peer to peer networks with few workstations to larger networks in busy clinics with dedicated servers serving administrative and clinical workstations in o
12. SpecialPollinterval and then click Modify b In Edit DWORD Value type Time nSeconds in the Value data box and then click OK Note Time nSeconds is a placeholder for the number of seconds that you want between each poll A recommended value is 900 Decimal This value configures the Time Server to poll every 15 minutes Configure the time correction settings To do this follow these steps Locate and then click the following registry subkey HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time Config MaxPosPhaseCorrection a Inthe right pane right click MaxPosPhaseCorrection and then click Modify b In Edit DWORD Value click to select Decimal in the Base box c In Edit DWORD Value type Time nSeconds in the Value data box and then click OK Note Time nSeconds is a placeholder for a reasonable value such as 1 hour 3600 or 30 minutes 1800 The value that you select will depend upon the poll interval network condition and external time source d Locate and then click the following registry subkey HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time Config MaxNegPhaseCorrection e Inthe right pane right click MaxNegPhaseCorrection and then click Modify f In Edit DWORD Value click to select Decimal in the Base box g In Edit DWORD Value type Time nSeconds in the Value data box and then click OK Note TimelnSeconds is a placeholder for a reasonable value such as 1 hour 3600 or 30 minutes 1800 The v
13. Tab gt Uncheck simple file sharing ABELDent Setup Conventions Page 3 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions e While you are here also uncheck Hide extensions for known file types e Create an account for ABELDent users An account can be set up for each user but you should be aware that this account would have to be set up on all client machines from which the user will be running ABELDent This will require a little more ongoing maintenance to administer the accounts when you have staff changes It is up to individual customers to decide what is best for their practice o The ABELDent users should not be part of the administrator group they should be part of the users group o Ensure that each account has a password The users should change their password the first time they log in e Disable the guest account e Puta strong password on the administrator account Make sure that the appropriate person at the office or clinic has this password Normally the dentist office manager or IT person e Ifthe customer will be doing EDI over a modem rather than by iTrans then setup a modem with the appropriate drivers An external modem is recommended e A high speed Internet connection is required for remote support ABEL provides the required software via a browser plug in at the time support is provided Modem connections such as RRAS and PC Anywhere are no longer recommended for remote support connections
14. alue that you select will depend upon the poll interval network condition and external time source Quit Registry Editor At the command prompt type the following command to restart the Windows Time service and then press ENTER net stop w32time amp amp net start w32time ABELDent Setup Conventions Page 22 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 3 7 Disable LMHash Modern Windows systems use a very secure system called Kerberos for secure authentication Passwords are not directly stored or transmitted Standards based hashes MD4 are stored in encrypted databases and only hashes of passwords are ever transmitted Windows systems also have components that support backward compatibility to older less secure authentication systems specifically one component called LANManager ABELSoft recommends that you turn off such compatibility so that password hashes are not stored or transmitted using these older vulnerable standards The following instructions tell how to disable the LMHash Implement the NoLMHash Policy by Using Group Policy To disable the storage of LM hashes of a user s passwords in the local computer s SAM database by using Local Group Policy Windows 8 or Windows Server 2012 or in a Windows Server 2012 Active Directory environment by using Group Policy in Active Directory follow these steps 1 In Group Policy expand Computer Configuration expand Policies expand Windows Settings expand Se
15. amp UPS battery state Windows can be configured to notify users and perform an orderly shutdown preventing data loss Advanced settings Select the power plan that you want to customize P and then choose settings that reflect how you want your computer to manage power Change settings that are currently unavailable Balanced Active v Processor power management Display Multimedia settings E Battery amp Critical battery action On battery Plugged in Low battery levialeiaaikic Critical battery a oes Low battery notification Law hatterv action Restore plan defaults Cancel Apply 2 2 Disk Mirroring and RAID Arrays The risk of data loss in the event of a server hard disk failure is mitigated by Windows ability to mirror the disks In the event of a disk failure the remaining disk continues to work until such a time as it is convenient to replace the failed disk and reestablish the mirror set ABELDent Setup Conventions Page 9 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions Low File Action View Help eo m H m A Sam Volume Layout Type FileSystem Status Capacity Free Spa Free amp ABELDent_OS C Mirror Dynamic NTFS Resynchin 126 65 GB 117 66 GB 93 a System Reserved Mirror Dynamic NTFS Healthy S 350 MB 89 MB 25 C4Disk 0 Dynamic System Reserved ABELDent_OS C 127 00 GB 350 MB NTFS 126 65 GB NTFS Online Healthy
16. at the appropriate person at the office or clinic has this password Normally the dentist office manager or IT person e Set the display resolution to at least 1280x1024 e Install the most recent operating system service pack and all critical patches and hotfixes from Microsoft e Turn off any CPU power saving features and disable hibernation Screensavers are not an issue e Install the latest drivers for all printer s and any other devices or peripherals e Ifthe customer has a high speed Internet connection it is recommended that Automatic Updates be turned on e Turn off unnecessary Services such as Messenger IIS If it will not be needed and FTP If using these services do not allow anonymous access Note that some practices use ABEL s kiosk and case presentation software and will need IIS e Install and configure a reputable Anti Virus Product Set it up to automatically obtain updates regularly It should be configured for real time scanning and for at least 1 full disk scan per week Some products require that ABELDent be added to exceptions 1 6 2 Testing e Test Windows printing from all workstations e Make sure that the client machine can connect to the server and access shares created on the server If you create test shares please remember to remove them when you are through ABELDent Setup Conventions Page 6 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions Compatibility and setup with Fire
17. ave enough space available on disk to perform a full backup with system state on a daily basis This is recommended for small offices without an on site IT person to ensure that all data from all applications is backed up More sophisticated backup rotations can be set up if and when space becomes an issue Note A regular user may not have appropriate privileges to perform full system backups any users that perform backups will have to be added to the Backup Operator s group ABELDent Setup Conventions Page 4 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions e Ifthe customer has a high speed always on Internet connection it is recommended that Automatic Updates be turned on e Turn off unnecessary Services such as Messenger IIS If it will not be needed and FTP If using these services do not allow anonymous access Note that some practices use ABEL s case presentation software amp will need IIS e Install and configure a reputable Antivirus Product Set it up to automatically get updates regularly It should be configured for Real time scanning and for at least 1 full disk scan per week Some products require that ABELDent be added to exceptions 1 4 2 2 Testing e Test any login accounts created so that user profiles are made Make sure users that will require support have appropriate Internet access e Test any other applications that the customer may have purchased such as Word etc e Test Windows printing
18. curity Settings expand Local Policies and then click Security Options 2 Inthe list of available policies double click Network security Do not store LAN Manager hash value on next password change 3 Click Enabled and then click OK ABELDent Setup Conventions Page 23 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 4 Appendix B Security and Auditing Checklist This checklist is provided to help you systematically perform the recommended security setup Practice Name ABEL ID Date Machine Name Machine Name Enforce password history enabled Maximum password age enabled for 90 days Minimum password length set to 8 characters enabled Password must meet complexity requirements Account lockout duration set to 15 minutes Account lockout threshold enabled for 3 attempts Reset account lockout counter set to 15 minutes Audit account logon events enabled for success failure Audit account management enabled for success failure Audit logon events enabled for success failure Audit object access enabled for success failure Audit policy change enabled for success failure Screen saver password protected enabled for 3 minutes Remote Access enabled configured Time synchronization E Firewall rulescreated rules created ABELDent Setup Conventions Page 24 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions MS SQL 1433 MS SQL 1434 NetBIOS
19. e 2m XE B am LE Default Domain Policy C09999 ABELDENT LOCAL Policy Policy m Policy Setting 4 Computer Configuration ej Enforce password history 24 passwords remembered 4 5 Policies Lis Maximum password age 42 days gt E Software Settings bie Minimum password age 1 days 4 5 Windows Settings Minimum password length 7 characters gt 5 Name Resolution Policy us Password must meet complexity requirements Enabled Scripts Startup Shutdown PA eee Sees Dicabled 4 Es Security Settings 4 a Account Policies gt ij Password Policy Security Policy Setting Explain b 33 Account Lockout Policy gt J Kerberos Policy 3 Minimum password length b Gj Local Policies 5 b E Event Log Pee p D Restricted Groups Define thts policy selting p 1 System Services Password must be at least p amp Registry a a characters p 1B File System b ring Wired Network IEEE 802 3 Policies b D Windows Firewall with Advanced Secur E Network List Manager Policies b ia Wireless Network IEEE 802 11 Policies b Public Key Policies b D Software Restriction Policies gt Network Access Protection p 1 Application Control Policies p gt amp IP Security Policies on Active Directory b 1 Advanced Audit Policy Configuration gt gly Policy based QoS p 5 Administrative Templates Policy definitions 4 p 1 Preferences 4 amp User Configuration p Policies lt m gt Bj Group Policy Management Editor E File Action View Help xXEBB
20. ecommended for backups to removable media Make sure more than 1 person knows any required passwords and that encryption keys or certificates are stored safely on site and off and that at least 2 people know where these are o Perform a Full System backup with System State ABELDent Setup Conventions Page 2 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions o Data only backups This will have to be setup after ABELDent is installed ABEL recommends that the ABELDent folder and its sub folders be backed up Note A regular user will not have appropriate privileges to perform full system backups any users that perform backups will have to be added to the Backup Operator s group o A backup schedule can also be set Most customers will have enough space available on their backup media to perform a full backup with system state on a daily basis This is recommended for small offices without an on site IT person to ensure that all data from all applications is backed up More sophisticated backup rotations can be set up if and when space becomes an issue e ifthe customer has a high speed always on Internet connection it is recommended that Automatic Updates be turned on e Setup the group policy to Note This is an optional step to enhance security logs o Audit successful and unsuccessful account login events o Audit successful and unsuccessful account management events o Account lockout to 3 invalid lockout attemp
21. ed March 6 2014 ABELDent Platform Setup Conventions e Name the computer with the customer s ABEL client ID number followed by a hyphen and a numeric extension For example if the ABEL customer ID number is CO9999 ODS name the first client machine CO9999 1 the second client machine C09999 2 and so on e Add the IP address of the ABELDent server to each client s hosts file C Windows System32 drivers etc hosts to facilitate faster name resolution on the network This is especially important on networks that are not running DNS services e Turn off sharing wizard simple file sharing Open My computer gt Tools gt Folder Options gt Go to the view Tab gt Uncheck Use file sharing wizard While you are here also uncheck Hide extensions for known file types e Create account s for ABELDent users The Account names and passwords must exactly match the account s created on the server if in a workgroup environment o The users should not be part of the administrators group they should be part of the Users group o You can create a group for ABELDent users but on most systems all regular users will be ABELDent users so the regular users group can be used instead o Ensure that each account has a password The users should change their password the first time they log in this will have to be done for each user on all machines e Disable the guest account e Puta password on the administrator account Make sure th
22. es these settings are best made in Group Policy Follow the Steps in the previous two steps to enter group Policy The screen saver timeout Policies are set at User Configuration gt Administrative Templates gt Control Panel gt Personalization gt Screen Saver Timeout Suggested value is 180 seconds 3 minutes Some users find this hard to tolerate We suggest trying 3 minutes and if it causes too many problems this value can always be increased later with permission from the appropriate physicians or other authorities E SE eres Previous Setting Next Setting Not Configured Comment Enabled Disabled Supported on At least Windows 2000 Service Pack 1 Options Help Specifies how much user idle time must elapse before the screen saver is launched Number of seconds to wait to enable the screen saver When configured this idle time can be set from a minimum of 1 second to a maximum of 86 400 seconds or 24 hours If set to Seconds 900 zero the screen saver will not be started This setting has no effect under any of the following circumstances The setting is disabled or not configured The wait time is set to zero The Enable Screen Saver setting is disabled Neither the Screen saver executable name setting nor the Screen Saver dialog of the client computer s Personalization or Display Control Panel specifies a valid existing screen saver program on the client 3 5 Make sure
23. ft can help you with such services ABELDent Setup Conventions Page 10 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 3 Detailed Steps on the security settings described above This section provides detailed steps for configuration of the security settings and group policy settings mentioned above for technicians or customers who may not be familiar with them 3 1 Creating ABELDent Users Group and User Accounts This section covers the initial user setup that would normally be performed by the hardware vendor or IT department before ABELSoft comes out to do the installation The ABELDent administrator will set these users up as members in ABELDent and configure the appropriate levels of privilege in ABELDent Ongoing administration including deletion and modification of user accounts is covered in the ABELDent user s manual Initially we recommend that an ABELDent Users Group be setup 1 Login on the server Select Start gt Administrative Tools gt Active Directory Users amp Computers Right click on users and selects New gt Group from the pop out menus Fill in the group name ABELDent Users The Scope of the Group is normally the Domain local The Type of Group is Security OF UT eB OS Each user is set up in Windows with a username matching the member s username in the ABELDent Authentication Manager The typical steps on a Windows 2012 R2 Server would be as follows 1 Login on the server 2 Select Start gt
24. if a Windows 2012 domain does not exist when the administrator creates the user account in Windows 8 the administrator determines whether the user will have the appropriate level of privilege to change their own password 3 6 Setup NTP SNTP Time Synchronization Explanation of NTP time synchronization can be found on the Microsoft website http support microsoft com kb 816042 We are including excerpts on the specific setup steps required here We strongly recommend an external time source as documented here rather than the internal time source that is also mentioned in the same Microsoft article Configuring the Windows Time service to use an external time source To configure an internal time server to synchronize with an external time source follow these steps 1 Change the server type to NTP To do this follow these steps a Click the Start button type regedit and then click OK ABELDent Setup Conventions Page 20 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions b Locate and then click the following registry subkey HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time Parameters Type c Inthe right pane right click Type and then click Modify d In Edit Value type NTP in the Value data box and then click OK Set AnnounceFlags to 5 To do this follow these steps Locate and then click the following registry subkey HKEY_LOCAL_MACHINE SYSTEM CurrentControlSet Services W32Time Config AnnounceFlags
25. ight click on Default Domain Policy and select Edit from the drop down menu In the Group Policy Window click the to expand Computer Configuration Click the to expand Policies Click the to expand Windows Settings Click the to expand Security Settings Click the to expand Account Policy 10 Click on Password Policy 11 ABELSoft recommends that several Policies be set here a Minimum Password length should be set at 8 or more characters b Password must meet complexity requirements should be defined and enabled This will mandate additional criteria beyond the standard Windows case sensitive password c Enforce password history should be set to help prevent passwords from being reused We suggest the maximum value of 24 be used d The above Policy would be ineffective if users could quickly cycle through passwords until they can reuse them A Minimum password age of 30 days will prevent such abuse e A password age of 90 Days will ensure quarterly password changes This would be the longest ABELSoft would recommend Some offices like a Maximum password age of 42 days to ensure password changes at lease every 6 weeks ABELDent Setup Conventions Page 14 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions if Group Policy Management Editor tel es File Action View Help
26. imilar Policies can be applied to Standalone or small peer peer networks using the Local Computer Policy provided by Windows 8 and Windows 7 The Administrator can achieve access to the policy by clicking on Start gt Typing in GPEdit msc gt and clicking on OK The diagram below shows that the same settings are available there g File Action View Help e amb B 15 Local Computer Policy a Computer Configuration E Software Settings Local Group Policy Editor Policy Enforce password history Security Setting 0 passwords remembered Maximum password age 42 days 4 Windows Settings im P 9 y i Minimum password age 0 days E Name Resolution Policy hi aes Hie Scripts Startup Shutdown ne ee 2 s ot Deployed Printers Password must meet complexity requirements Disabled Uy Store passwords using reversible encryption Disabled 4 a Security Settings a T Account Policies T Password Policy E Account Lockout Policy E Local Policies 5 Windows Firewall with Advanced Sec E Network List Manager Policies F Public Key Policies E Software Restriction Policies Application Control Policies 8 IP Security Policies on Local Comput Advanced Audit Policy Configuratior aly Policy based QoS 4 Administrative Templates 4 amp User Configuration E Software Settings E Windows Settings This product is licensed under the Microsoft Software License 1 Administrative Templates Terms to John EH W
27. indows 8 Microsoft Windows Version 6 3 Build 9600 2013 Microsoft Corporation All rights reserved The Windows 8 1 Enterprise operating system and its user interface are protected by trademark and other pending or existing intellectual property rights in the United States and other countries regions 3 3 Account Lockout Policies ABELDent relies on Microsoft Windows to provide the authentication and on Microsoft Windows Group Policy to control the behavior of the system on failures to authenticate The following steps show how to configure a typical account lockout policy This example shows how to set a lockout after 3 invalid login attempts set the lockout duration to 3 days and reset the lockout counter daily So that 3 failed login attempts in a day would lock the user account for 3 days unless an administrator manually unlocked the account Manual unlocking can be performed by the administrator as shown at the end of this section Click on the Windows Start button Select Administrative Tools Click Group Policy Management In Group Policy Management expand the tree view in the left column so you can see the Default Domain Policy directly below the domain name 5 Right click on Default Domain Policy and select Edit Peer ABELDent Setup Conventions Page 16 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions File Action View Help e alr B Bm S Default Do
28. ite HTTP HTTPS 80 TCP For remote support to customers with an Internet connection ABELSoft 443 TCP uses a tool called GoToAssist http www gotoassist com No ports need be kept open to allow incoming traffic on the firewall as the session is initiated inside by the customer going to ABELSoft s web site http www abeldent com and following the link to the remote support server website http www gotoassist com sb abelsoft to enter the appropriate session code Many firewalls only block incoming traffic and allow outgoing connections on all ports In cases where outgoing traffic is also restricted the customer will require outgoing access on ports 80 TCP amp 443 TCP to connect to the remote support session The full session from the form where the session code is entered is encrypted using 128 bit SSL encryption iTrans 9650 outgoing TCP Electronic claims submission 9650 outgoing UDP NTP SNTP 123 UDP Client server workstation time synchronization 1_ This port is optional Terminal Services communication is on port 3389 TCP In the event that Terminal Services Remote Desktop is used to run ABELDent remotely then these ports must be opened on the firewall However if the Remote Desktop session is run within a VPN connection this is not necessary ABELSoft recommends the VPN approach to any customers operating ABELDent over a high speed Internet connection ABELDent Setup Conventions Page 7 of 25 Last updated Ma
29. main Policy C09999 ABELDENT LOCAL Policy 4 Computer Configuration 4 Policies b 15 Software Settings 4 Windows Settings b 5 Name Resolution Policy Scripts Startup Shutdown 4 B Security Settings 4 Account Policies b Password Policy b 36 Account Lockout Policy b GH Kerberos Policy b g Local Policies b Gj Event Log p C Restricted Groups p D System Services gt EA Registry p File System b i Wired Network IEEE 802 3 Policies p D Windows Firewall with Advanced Secur E Network List Manager Policies M m gt Policy be Account lockout duration be Account lockout threshold 2 Reset account lockout counter after Policy Setting Not Defined O invalid logon attempts Not Defined OND Select Account Policy Lockout Click the to expand Windows Settings Click the to expand Security Settings Click the to expand Account Policies 10 Double click Account lockout threshold Security Policy Setting Explain a Account lockout threshold v Define this policy setting Account will lock out after g invalid logon attempts 11 Change the value of Account will lock out after to 3 invalid logon attempts 12 Click OK ABELDent Setup Conventions Page 17 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 13 Double click Account lockout duration Securit
30. nd asking for it e An Active directory domain is normally set up if using the Windows Server operating system With AD user accounts only have to be set up on the server not on each workstation e Create an account for each user e Ensure that each account has a password The users should change their password the first time they log in e Disable the guest account e Usea strong password for the administrator account Make sure that the appropriate person at the office or clinic has this password Normally the dentist office manager or IT person e A high speed Internet connection is required for remote support ABEL provides the required software via a browser plug in at the time support is provided Modem connections such as RRAS and PC Anywhere are no longer recommended for remote support connections e Set the display resolution to at least 1280 x 1024 e Install the most recent operating system service pack and all critical patches and hotfixes from Microsoft e Turn off any CPU power savers Display power savers should be fine but refrain from using third party screensavers Turn off Hibernation e Install the latest drivers for all printer s and any other devices or peripherals e Install and configure any required backup hardware drivers and programs ABEL recommends the backup program that comes with Windows Server Shortcuts should be setup on the desktop for all users or appropriate users to o Encryption is strongly r
31. ndors that do not provide setup and installation services In such cases you are likely to require the services of an experienced IT person who can understand these setup conventions and configure the system s in conformance with the conventions If you are dealing with a hardware vendor that you have not worked with in the past ABEL recommends checking references In many areas ABEL can provide the names of hardware vendors who have prepared ABELDent systems in the past ABELDent Setup Conventions Page 1 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions Server Setup Conventions 1 4 Operating system 1 4 1 Windows Server 2012 R2 Windows Server 2008 R2 1 4 1 1 Setup Please conform to the following conventions when setting up a server with Microsoft Windows Server 2012 R2 Microsoft Windows Server 2008 R2 e We recommend that an Active directory domain be set up e We recommend using the NTFS file system e Setup TCP IP as the network protocol Set static IP addressing for the server ABEL recommends a router with a firewall on all high speed Internet connections The DC is usually configured for DHCP amp DNS In smaller practices without a DC the router usually fills the DHCP DNS roles e Namethe computer with the customer s ABEL client ID number For example if the ABEL customer ID number is C09999 ODS name the server C09999 You can get the customer ID number by calling ABEL s production department a
32. peratories The smaller networks with less than six workstations can be served by a workgroup consisting entirely of computers running the Microsoft Windows client operating systems such as Windows 8 Pro 7 Pro or Vista Business In this environment the file server is typically used as a workstation On larger networks with half a dozen or more workstations a file SQL server with the Microsoft Windows Server operating system is required ABELDent recommends Microsoft Windows Server 2012 R2 or Microsoft Windows Server 2008 R2 The Windows Server operating system supports larger networks and advanced features such as Active Directory security domains disk mirroring remote desktop services and many other features and tools Some small practices with less than 6 workstations still opt for a dedicated server with the server version of the operating system in order use active directory disk mirroring or other such features 1 3 How to proceed ABEL recommends that when looking into purchasing your hardware operating system and other software for ABELDent that you get at least three quotes Please make sure that you provide the ABELDent recommended hardware requirements and these setup conventions so that the hardware vendor can include setup to these conventions in the price that you are quoted Current System Requirements are always available on the ABEL website http www ABELDent com Some customers opt to purchase their own hardware from ve
33. rch 6 2014 ABELDent Platform Setup Conventions 1 8 Anti Virus It is not practical for ABELSoft to test large numbers of Antivirus programs as there are many such programs on the market We routinely check several of the more popular AV utilities with the latest version of ABELDent We post our findings in the table below Always check the online version of this document to ensure that you are reading our most recent findings ABELSoft does NOT exclude our program or data areas from scanning on production systems Such exclusions should not be necessary The following products have been tested with ABELDent version 11 x and 12 x Product Results Workaround steps if required Symantec Endpoint Protection 12 1 No Known Problems n a Kaspersky Small Office Security No Known Problems n a ESET NOD32 No Known Problems n a Microsoft Security Essentials Free No Known Problems Does not install properly on Windows Server 2012 Avast anti virus Reported problems with file scanner Add exclusions for ABELDent executables Table last Updated March 6 2014 check website for most recent version 1 9 Known problems with Firewalls and steps to mitigate ABELSoft does not perform regular testing with the various software firewalls included with many consumer Internet security suites ABELSoft recommends routers or firewall appliances at the perimeter Some people prefer software based firewalls as well
34. that user can change their own password On a Windows 2012 R2 domain when the administrator creates the user account the administrator determines whether the user will have the appropriate level of privilege to change their own password The screen capture below shows the default ABELDent Setup Conventions Page 19 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions setting where User cannot change password is UNCHECKED This setting cannot be selected when User must change password at next logon is selected therefore the setting is already correct for new accounts with User must change password at next logon selected A Createin ABELDentlocal ABELDent Users Password eeeeccee cm pm V User must change password at next logon User cannot change password Password never expires Account is disabled For existing accounts you should manually check to make sure that User cannot change password is unchecked you can get to this setting by clicking on Start gt Administrative Tools gt Active Directory Users amp Computers gt double click on users gt double click on the appropriate user gt Click on the account tab checkboxes will be in the account options area Account options _ User must change password at next logon C User cannot change password C Password never expires C Store password using reversible encryption v Similarly
35. ts and the lockout duration to 15 minutes and the reset account lockout counter to 15 minutes e Turn off unnecessary Services such as Messenger IIS If it will not be needed and FTP If using these services do not allow anonymous access Note that some practices use ABEL s kiosk and case presentation software amp will need IIS e Install and configure a reputable Anti Virus Product Set it up to automatically get updates regularly It should be configured for Real time scanning and for at least 1 full disk scan per week Some products require that ABELDent be added to exceptions 1 4 1 2 Testing e Test Windows printing from all workstations to all printers to which they will need to print 1 4 2 Windows 8 or Windows 7 File Server 1 4 2 1 Setup Please conform to the following conventions when setting up a small practice file server based on a client OS like Windows 8 or Windows 7 e We recommend the NTFS file system e Setup TCP IP as the network protocol Set static IP addressing for the server ABEL recommends a router with a firewall on all high speed Internet connections e Name the computer with the customer s ABEL client ID number For example if the ABEL customer ID number is C09999 ODS name the server C09999 You can get the customer ID number by calling ABEL s production department and asking for it e TURN OFF sharing wizard simple file sharing Open My computer gt Tools gt Folder Options gt Go to the view
36. walls Anti Virus and Security Suites 1 7 Setting up Firewall Appliances The specific instructions for setting up Firewalls vary with make and model and often require certified specialists Most ABELDent communication is internal on the LAN with some exceptions for electronic claims In multi site installations additional ports may have to be opened up to allow ABELDent communication Specific requirements on such communication vary widely depending on the specific architecture of your setup The following table details the types of communication used by ABELDent and what ports may have to be opened up Service or Port Protocol Reason required Function File and Printer 139 TCP To save data to and retrieve data from the file share sharing 445 TCP Windows NetBIOS 137 UDP 138 UDP ABELDent 5093 UDP Only when thick clients with floating licenses are operating through the licensing firewall without a VPN ABELDent 1504 TCP If customer has subscribed to ABELDent patient portal Portal Thin Client 3389 TCP To run the Remote Desktop Client control Terminal Services HTTP HTTPS 80 TCP If the physicians require Internet access for clinical research then 443 TCP the physician would typically access information by visiting web sites with a browser The articles would typically be in html pdf or word format Occasionally the information would be delivered as a chargeable or restricted service over an SSL secured web s
37. y Policy Setting Eglain a4 Account lockout duration B Define this policy setting Account is locked out for 5 E mues 14 Type in the value 15 minutes 15 Click OK 16 Double click on Reset account lockout counter after Security Policy Setting CE Eglain aN Reset account lockout counter after v Define this policy setting Reset account lockout counter after 15 2 minutes 17 Type in the value 15 minutes 18 Click on OK 19 Click the X in the upper right of the Group Policy window ABELDent Setup Conventions Page 18 of 25 Last updated March 6 2014 ABELDent Platform Setup Conventions 3 4 Inactivity timeout and lock ABELDent leverages Microsoft Windows technologies that lock a system upon detection of inactivity The procedure is described below ABELSoft recommends Windows 8 for secure use workstations In these cases ABELDent and operating system logon security is integrated i e Single sign on methodology These workstations can be set in Windows to automatically lock after a defined period of inactivity at the workstation by specifying the screen saver to be the native Windows 8 password logon screen saver These settings can be enforced and locked down with an enforced group policy for groups of stations or users or individual stations or users Like the Password and Account Lockout Polici
Download Pdf Manuals
Related Search