Permissions guidelines for the CS Professional Suite

Alerts and notices
Leave feedback

Internal Employees: Submit feedback

Contact information (optional):

Leave this blank:

Please tell us how we can make this information more helpful.


Characters left:

What are permissions?

Permissions are the rules associated with files and folders on a single computer or network. A system administrator with appropriate rights can assign permissions to an individual user, a user group, and/or a domain to determine whether you can access a file or folder and what you can do with it. The following table lists the different permission levels most commonly available for files and folders. For more information, refer to Microsoft's help topic File and Folder Permissions. External link (What's this?)

This icon appears alongside links to resources that are not developed or maintained by Thomson Reuters. We provide access to these resources for your convenience, but we are not responsible for their accuracy. If you need additional assistance, please consult your qualified technician and/or the vendor who developed the resource.
Permissions Level Allows Does Not Allow
Full Control Full access to the file or folder, including viewing, changing, creating, deleting, and setting additional permissions N/A
Modify Reading and writing of files and folders, including deletion Setting additional permissions or creating new files or folders
Read and Execute Reading of files and folders in addition to running program files Writing to or modifying files or folders
List Folder Contents Ability to see the files in a folder Any interaction with folder contents
Read Opening of files or folders Running a program or writing to a file or folder
Write Modifying a file or folder Deleting a file or folder

(Table source: Microsoft)

Because CS Professional Suite applications are dependent on appropriate access to local files and folders as well as shared network resources, it is important to properly assign network permissions. 

Changing permission settings

To avoid potential conflicts with existing permission settings that are unique to your firm's network, we recommended that you consult with your qualified IT professional before changing or modifying permission settings.

To learn how to change permission settings, see the following Microsoft help topic.

User permissions

System administrators and individuals with administrator accounts can assign permissions to individual users. The following section contains our recommendations for user permission settings.

Local administrator

To ensure proper access to all CS Professional Suite applications, we recommend that each user has a local administrator account.

Follow the steps below to verify that your profile has administrative rights:

  1. Choose Start > Control Panel > Administrative Tools > Computer Management.
  2. In the Computer Management window, click System Tools > Local Users and Groups > Users.
  3. Right-click your user name and choose Properties.
  4. Click the Member Of tab and verify that the Administrators group is listed.

If you are not an administrator on your computer and you need administrative rights, contact your system administrator for assistance.

Additionally, users need to have Full control over the following directories and their subdirectories.

Run as administrator

When you install or run the desktop setup utility for any CS Professional Suite application, use the Run as administrator option to ensure proper registry of program files. Use one of the following methods to run an application or installation as an administrator.

Method 1: This method allows you to run as administrator just once. Use this method when installing an application or when running a desktop setup utility.

  1. Right-click on the appropriate executable file (.EXE) for the application's installer or desktop setup utility.

    Note: Generally, for CS Professional Suite applications, the desktop setup utility is a file called setup.exe and it is located at X:\WinCSI\[application name]\desktop, where X represents the drive where the application is installed.

  2. Click Run as administrator

Method 2: This method permanently sets the selected application to run in Administrator mode.

  1. Right-click on the appropriate application shortcut icon on your computer's desktop.
  2. Click Properties.
  3. Click the Compatibility tab.
  4. In the Privilege Level section (or the Settings section in Windows 8 and 10), mark the Run this program as an administrator checkbox.
  5. Click OK.

Notes 

  • You may need to restart your computer to apply this change.
  • The Run as administrator option may be unavailable for any of the following reasons.
    • The application itself is prohibited from always running as administrator.
    • The user is not logged into Windows as an administrator.
    • The User Account Control (UAC) setting is disabled. For more information, see the User Account Control (UAC) Settings section below.

Hidden Administrator

Windows 10, Windows 8/8.1 and Windows 7 include a Hidden Administrator account. This user account has full access to all files and folders on the computer, as well as additional privileges that user-created administrator accounts lack. In situations where applications need to be installed on the local machine without any restrictions, or to test for potential permissions-related issues on a separate user account, use the Hidden Administrator user account. By default, the account is not enabled for use. Follow the steps below to enable the Hidden Administrator account.

  1. Enter Command Prompt in the search field on the Start menu (for Windows 7), in the Apps View (for Windows 8) or in task bar (for Windows 10). Windows 8 and Windows 10 users can also right-click the Start menu button and choose Command Prompt (Admin).
  2. In the search results list, right-click Command Prompt and select Run as administrator.
  3. In the command prompt window, enter net user Administrator /active:yes and then press ENTER.
  4. Once this is done successfully, you can log off with your current credentials and log back in using the hidden administrator account. By default, this user account does not have a password, so creating one after logging in for the first time is recommended if you decide to keep the account active. You can use the hidden administrator account to test for potential permissions-related issues. 
  5. To disable this account, log out of the Hidden Administrator account, follow steps 1 and 2, and in the command prompt enter: net user administrator /active:no.

Note: If you receive an error message in the command prompt stating that you do not have access to enable this Administrator account, repeat these steps with a different user account. Note that receiving an error during this process may indicate a permissions-related issue which may be causing other issues with the current user account.

User Account Control (UAC) Settings

User Account Control is a feature in Windows that informs you when a program makes a change that requires administrator-level permissions. Enabling UAC may interfere with the installation, performance, and functionality of CS Professional Suite applications; therefore, we recommend disabling UAC on each workstation by setting UAC to Never Notify. For more information, see User Account Control Step-by-Step Guide External link .

To learn how to disable the UAC, see Microsoft's Turn User Account Control on or off External link article.

Note: Based on the network or security policy of your firm, it may not be possible to disable User Account Control. As stated in the Run as administrator section above, we recommend installing all CS Professional Suite applications by using the Run as administrator option. If UAC is enabled and you encounter any issues while installing or using any CS Professional Suite application, you may need to disable UAC as a troubleshooting step. For further assistance, consult your qualified IT professional.

Server permissions

All users need Read, Write, and Modify access to the network location where your CS Professional Suite applications are installed. Additionally, all users need the same permissions for the application and data folders located in X:\WinCSI, where X represents the drive where the application is installed. For a detailed list of application subdirectories, click the appropriate application in the CS Professional Suite permissions section below.

If your firm chooses to store data outside of the default WinCSI folder, all CS Professional Suite application data folders (e.g. Fcabdata folder) must also have Read, Write, and Modify access for all users.

Group Policy

Group policy is a feature on Windows servers that allows you to control the configuration of user accounts and computer accounts. Policy settings are stored in Group Policy Objects (GPO), which can be machine, user specific, group specific, or domain specific. See Microsoft's article on Group Policy External link for more information.

Reminder: As with any permissions issues, it is important to consult your qualified IT professional before making any changes to Group Policy.

If your firm has implemented Group Policy and is having issues regarding the CS Professional Suite, try the following basic troubleshooting steps.

  1. Move a user out of the standard group policy.
  2. Create a new user outside of your standard group policy.
  3. Move a computer out of your firm's GPO.

If one of the above troubleshooting steps resolves your issue, your qualified IT professional will need to determine and correct the GPO restriction that is conflicting with the CS Professional Suite.

For more information on troubleshooting Group Policy, see Microsoft's troubleshooting guide. External link

CS Professional Suite permissions

If you followed the recommendations above, users and user groups will have assigned the appropriate permissions to use any CS Professional Suite application. The following lists the major directories and subdirectories for each CS Professional Suite application. If you need to modify permissions for directories individually, or if you experience a permissions-related issue with a specific application, click an application from the list below to determine which major directories require Full control.

Notes

  • For 64-bit Windows operating systems, use the Program Files (x86) directory instead of the Program Files directory.
  • For all CS Professional Suite applications, include Full control access for any additional data locations or non-default data locations.
Server/Network
  • X:\WinCSI\Licenses
  • X:\WinCSI\Tools
Server/Network Local
  • X:\WinCSI\Accounting CS
  • X:\WinCSI\Accounting CS Data
  • C:\Program Files\Creative Solutions\Accounting CS
  • C:\Program files\Creative Solutions\QB Data Utility
  • C:\ProgramData\Creative Solutions\Accounting CS
  • C:\Users\[username]\AppData\Local\Creative Solutions\Accounting CS
Server/Network Local
  • X:\WinCSI\Cabinet
  • X:\WinCSI\FcabSys
  • X:\WinCSI\FcabData
  • C:\Windows\System32\spool\drivers\x64\3\fcdrv.bud
  • C:\Windows\System32\spool\drivers\x64\3\fcdrv.dll
  • C:\Windows\System32\spool\drivers\x64\3\fcdrv.gpd
  • C:\Windows\System32\spool\prtprocs\x64\csintprt.dll
  • C:\Windows\System32\spool\prtprocs\x64\csintprt.pdb
Server/Network
  • X:\WinCSI\DSW
  • X:\WinCSI\DeprData
Server/Network
  • X:\WinCSI\$UTPSys
  • X:\WinCSI\UTP
  • X:\WinCSI\UTPData
Server/Network Local
  • X:\WinCSI\Practice CS
  • X:\WinCSI\Practice CS Data
  • C:\ProgramData\Creative Solutions\Practice CS
  • C:\Program Files\Creative Solutions\Practice CS
  • C:\Users\[username]\AppData\Local\Creative Solutions\Practice CS
Server/Network
  • X:\WinCSI\Toolbox CS
  • X:\WinCSI\Toolbox CSData
Server/Network Local
  • X:\WinCSI\UTYY
  • X:\WinCSI\UTYYSys
  • X:\WinCSI\UTYYData
  • C:\Users\[username]\AppData\Local\Thomson Reuters
  • C:\Users\[username]\AppData\Local\Temp\UTYYData
YY represents the year
Local
  • C:\Program Files\Citrix\ICA Client
  • C:\Program Files\Citrix\Receiver
  • C:\Program Files\VO Citrix
  • C:\Users\[username]\AppData\Roaming\ICA Client
  • C:\Users\[username]\AppData\Local\Citrix

Peer-to-Peer (P2P) Network Permissions

A peer-to-peer network follows the same general guidelines detailed in the User permissions and Server permissions sections above. The client workstations should be local administrators and the network share where the CS Professional Suite applications are located should have read, write, and modify access to the application and data folder for both the share and file levels.

SQL Permissions

CS Professional Suite applications that use SQL databases require mixed-mode authentication, which is a combination of Windows Authentication and MS SQL Server Authentication. The authentication can be specified during a manual install of SQL Server, during the process of attaching the SQL Server instance to the appropriate CS Professional Suite application, or through the instance properties in SQL Server Management Studio.

When a SQL Server instance is successfully attached to a CS Professional Suite application, all appropriate SQL Server user accounts and permissions are automatically set. However, if not all permissions are properly set, it may be necessary for your firm's qualified IT professional to make the corrections or to reinstall the application (up to and including the creation of a new SQL Server instance).

Note: If mixed mode is selected during a manual installation of SQL Server or within SQL Server Management Studio, a secure password needs to be specified at that time for the built-in SQL Server system administrator account (named "sa"). Alternatively, Windows Authentication may safely be chosen when creating a new SQL Server instance or when specifying an existing instance; you will later be prompted to allow the installation to modify the authentication to mixed mode on your behalf. This process automatically creates a system-generated "sa" password.

For a comprehensive breakdown of security and protection options for Microsoft SQL, see the following Microsoft articles on Remote Access, Authentication, and other permissions:

Terminal Server Permissions

See below for application-specific permissions settings required in Terminal Server environments.

FileCabinet CS

Before changing permissions in any operating environment, consult your qualified IT professional.

FileCabinet CS users who run in a Terminal Server environment can use the FileCabinet CS print driver in other applications hosted on the Terminal Server.

The FileCabinet Document Names dialog (used to send printed documents to FileCabinet CS) will not appear on a Terminal Server session for non-administrator users if certain permissions aren't set correctly. The Terminal Server administrator must set the following permission on the Terminal Server to enable the driver to work for non-administrator users:

Note: The permissions listed above as "not necessary" can be given; they are only listed as "not necessary" because they are not necessary for the FileCabinet CS Print Driver to work in a terminal server environment.

To access permissions settings, right-click the directory and choose Properties. In the Security tab, click the Advanced button. Highlight the user group (usually the POWER USERS group) and choose View > Edit.

Tip: On rare occasions, firms that do not have correct permissions assigned to the \Wincsi\FcabData directory may experience problems with the FileCabinet CS print driver. To eliminate this possibility, verify that your Terminal Server users have Full Control of the FileCabinet CS data locations.

Examples of errors related to permissions

There are several issues that can arise when faulty permissions settings interfere with CS Professional Suite applications. To view examples of these errors and the steps to resolve them, click the following links.

Related topic

Library of Systems Content for CS Professional Suite

Share This