The Idealpos Solutions folder contains the Idealpos application and components.
To prevent unauthorised modifications to the folder, a number of steps can be performed as outlined below:
Go to: C:\Program Files (x86) > Right-click on the Idealpos Solutions folder > Properties > Security.
Within the Security tab > Press "Edit" > Select "Everyone".
Ensure that Everyone only has the following checkboxes checked/enabled:
Ensure that the following checkboxes are unchecked/disabled:
Also, ensure that the Network Service Group has full control.
To add Network Service, press the "Add..." button, enter "Network Service" > press "Check Names" > OK > while Network Service is selected, enable the "Full control" checkbox.
This will ensure that the IdealposService, IdealposUpgradeService and other functions have permission to carry out upgrades to Idealpos and components.
Once completed, press "OK" to save the change.
Within the Security tab, press the "Advanced" button.
The "Change Permissions" button may need to be pressed if the "Replace all child object permission entries with inheritable permission entries from this object" option does not appear.
Enable the checkbox "Replace all child object permission entries with inheritable permission entries from this object".
Confirm any prompts to continue with the operation.
After the operation completes, the Idealpos Solutions properties window will be displayed.
Press "OK" to close the window.
A standard Windows user will be required so that they do not have access to modify the Idealpos Solutions folder or any components within the folder.
When any changes to Idealpos are performed (e.g. installation of a new build of Idealpos), an Administrator User's password will need to be entered.
The steps to create a new Windows user may vary by Windows version.
To create a standard Windows user using Windows 11, Right-click the Windows Start button > Settings > Accounts > Other Users > Add account.
How will this person sign in?
Press the link "I don't have this person's sign-in information".
Create account
Press the link "Add a user without a Microsoft account".
Create a user for this PC
Populate the Username, Enter password and Re-enter password fields > Press "Next".
A user account has been created for the new user.
The Account Type should be a "Standard User".
This can be confirmed by expanding the user account with the down arrow, then press the "Change account type" button.
"Standard User" should appear in the dropdown box.
If not, select the dropdown box and change the Account type to "Standard User".
If required, repeat the above process to create additional standard Windows user accounts.
It is recommended that Windows Administrator User accounts are password protected.
To set a password on the account using Windows 11, Right-click the Windows Start button > Settings > Accounts > Sign-in options
Select "Password"
Press "Add"
Enter a password, confirm password and enter a Password hint > Next.
Press "Finish".
The section below Password will show "You're all set up".
Each of the newly created Windows users will require access to the Idealpos database.
To grant those users access to the database, login to Windows using the user account that Idealpos was installed with.
Then go to: Start > Idealpos > IPSUtils.
Within the IPSUtility, go to the Advanced tab > SqlCmd Line.
Run the following commands, ensuring that COMPUTERNAME is replaced with the name of the computer and ensuring that UserName is replaced with the User Name.
The commands will need to be run for each new user that was created, ensuring that the user name is entered each time the command is executed.
Tip!
The PC Name can be retrieved by right-clicking on the Start button > System.
The PC Name will be displayed next to the "Device Name".
USE IPSTransaction
GO
Create login [COMPUTERNAME\UserName] FROM WINDOWS
GO
Exec sp_addsrvrolemember 'COMPUTERNAME\UserName', 'sysadmin'
GO
After running the above commands, SqlCmd can be closed.
Login to Windows as each new user and run Idealpos to test that it starts and functions as expected.
Reduce the use of Windows user accounts that are linked to the Administrator group to prevent unauthorised changes from being made to the core Idealpos application/components.
When an Administrator account is being used, do not leave Windows unattended to prevent unauthorised access or changes to core Idealpos application components.