NetResults ProblemTracker
Web Server Security Overview

If you do not wish to configure web server security (perhaps your web server is on an internal machine behind a "firewall"), you have completed ProblemTracker installation and configuration. You can now login to ProblemTracker or proceed to the ProblemTracker tutorial.

ProblemTracker Security

ProblemTracker supports security at two levels. The product includes a flexible user group based security scheme, allowing control of access to both function (Add, Edit, View, etc.) and data records. In addition, ProblemTracker also supports the use of your web server's native security mechanisms to limit access to the web pages themselves. If you have very strict security requirements, you may wish to apply authentication to your ProblemTracker installation to restrict access to the relevant web pages based on function. By default, the ProblemTracker installation sets up anonymous access for the workgroups and a combination of Basic and Integrated Windows authentication for the Workgroup Management System. The section below provides a description of the default security configured by the installation set up program.

Default Security Set by the Installation

The ProblemTracker installation program creates 2 user accounts: PUSR4HOSTNAME and PADM4HOSTNAME where HOSTNAME is the TCP/IP host name of the machine where ProblemTracker is installed. PUSR4HOSTNAME is used as the anonymous user account for accessing the workgroups. PADM4HOSTNAME is used as the account to perform operations in the Workgroup Management System (WMS). Use of the operations in WMS always require local Administrator credentials.

The following table displays the minimum file permissions needed to use the ProblemTracker workgroups and WMS with the default installation setup.

Note that the following table assumes that a workgroup named pteval, the Evaluation Workgroup, has been installed. For your workgroup, substitute your workgroup name where "pteval" appears. rootDir is the web server root directory where the ProblemTracker content and web files were installed (by default, C:\Inetpub\wwwroot\ProblemTracker). winDir is the operating system root directory (for example, C:\WinNT). programfilesDir is the location where the ProblemTracker installation files were installed (by default, C:\Program Files\NetResults\ProblemTracker5).

Directory and/or File User or User Group - Permissions Required
rootDir and all subdirectories Administrators - Full Control
rootDir/ptadmin and all subdirectories Administrators - Full Control
rootDir/ptadmin/Database Administrators - Full Control
PUSR4HOSTNAME - Read
rootDir/ptadmin/Database/ptadmin.mdb Administrators - Full Control
PUSR4HOSTNAME - Read
rootDir/ptcgiadmin and all subdirectories Administrators - Full Control
PUSR4HOSTNAME - Read and Execute
rootDir/ptcommon and all subdirectories Administrators - Full Control
rootDir/ptcommon/Database Administrators - Full Control
PUSR4HOSTNAME - Modify
rootDir/ptcommon/Database/ptcommon.mdb Administrators - Full Control
PUSR4HOSTNAME - Modify
rootDir/pttemplate and all subdirectories Administrators - Full Control
PUSR4HOSTNAME - Read
rootDir/pttmp Administrators - Full Control
PUSR4HOSTNAME - Modify
rootDir/pteval and all subdirectories Administrators - Full Control
PUSR4HOSTNAME - Read
rootDir/pteval/Attachments Administrators - Full Control
PUSR4HOSTNAME - Modify
rootDir/pteval/Database Administrators - Full Control
PUSR4HOSTNAME - Modify
rootDir/pteval/Database/bugtrack.mdb Administrators - Full Control
PUSR4HOSTNAME - Modify
rootDir/pteval/Importer/ProblemTracker and all subdirectories Administrators - Full Control
PUSR4HOSTNAME - Modify
winDir/temp (and/or) winDir/tmp Administrators - Read, Write
PUSR4HOSTNAME - Read, Write
programfilesDir Administrators - Full Control
PUSR4HOSTNAME - Read, Execute
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA Administrators - Read, Write
PUSR4HOSTNAME - Read, Write
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys Administrators - Read, Write
PUSR4HOSTNAME - Read, Write

Applying Basic Authentication to Restrict Access by Function

Many web servers allow you to restrict access to a web site on a per user basis via a process called Basic Authentication. ProblemTracker has been designed with this in mind, allowing you to limit access to any function by using the web server's built-in security mechanism.

Note: In the sections below we have described how to set up Basic authentication because that is supported by all browsers which are supported by ProblemTracker. However, if your users are exclusively using Internet Explorer, you can instead (or additionally) configure Integrated Windows authentication (a stronger form of authentication than Basic authentication). To configure Integrated Windows authentication, check the Integrated Windows authentication box instead of (or in addition to) the Basic authentication box when instructed to do so in the following sections.

Setting Web Server Security

The procedure for configuring web server security varies for each web server product. This document provides general instructions for setting up security as it relates to ProblemTracker for the following web servers. However, you should also consult the documentation provided with your web server for details regarding its security options.

ProblemTracker Organization

The ProblemTracker web pages are organized by function as shown in the following table. In general all pages related to a particular function have been included in the same directory, using a common program file. By applying security to these directories and program files as desired, you can limit each individual or group in your organization to the functions appropriate to their job. When a user browses to a page or program where security has been applied, a dialog appears in their browser requiring them to enter a User Name and Password. Depending upon their identity, they will be allowed or denied access to the resource.

Note that the following table assumes that a workgroup named pteval, the Evaluation Workgroup, has been installed. For your workgroup, substitute your workgroup name where "pteval" appears. rootDir is the web server root directory where the ProblemTracker content and program files were installed (by default, C:\Inetpub\wwwroot\ProblemTracker).

Function Directory
Workgroup Management System (WMS) Administrative Functions rootDir/ptadmin
rootDir/ptcgiadmin
rootDir/ptcommon
rootDir/pttemplate
rootDir/pttmp
Workgroup Administrative Functions rootDir/pteval/Admin
rootDir/pteval/Importer
Normal Internal User Operations rootDir/pteval/Intranet
rootDir/pteval/Images
External User Operations rootDir/pteval/Internet
Add Record rootDir/pteval/Intranet/Add
Edit Record rootDir/pteval/Intranet/Edit
View Record rootDir/pteval/Intranet/View
Advance Record State rootDir/pteval/Intranet/Task
Delete Record rootDir/pteval/Intranet/Delete
File Attachments rootDir/pteval/Attachments
Generate Report rootDir/pteval/Intranet/Report
Discussion - Enterprise Edition Only rootDir/pteval/Intranet/Discuss
ProblemTracker Software Development Kit rootDir/pteval/API
Knowledge Base rootDir/pteval/KB
Self Registration rootDir/pteval/SelfReg
Documentation rootDir/pteval/Help
Workgroup Management System Admin Documentation rootDir/ptadmin/Help
Workgroup Admin Documentation rootDir/pteval/Help/Admin
User Documentation rootDir/pteval/Help/Std

All Workgroup functions need at least Read permission on rootDir/pteval/Include directory.

WMS Operations that can impact your Custom Security Settings

The Repair, Move, and Upgrade operations that can be performed in the Workgroup Management System can reset the customized security you have applied to the locations listed in the table above. Before you use the Repair, Move, or Upgrade operations, it is recommended that you take note of the security scheme you have applied, then re-apply these changes after using one of those operations.

For more information on the WMS operations, please refer to the following sections in the WMS Help Guide:

Repairing a Workgroup
Moving a Workgroup
Upgrading a Version 3 Workgroup
Upgrading a Version 4 or 5 Workgroup