System policy manager A system administrator can use the System policy features to prevent fraudulent or inappropriate use of DT Max. If you enable the System policy you can restrict users to using DT Max on just a single database or in a single domain, you can disable the use of certain features in DT Max, and can prevent the user from making changes to certain settings and preferences. Enabling the system policy requires some additional administration, and imposes restrictions on the way the program will function. You should not do this unless the nature of your business requires you to place these restrictions on your users. Only a DT Max user with system supervisor privileges and in possession of the database encryption password can configure, enable or disable the system policy; use Preferences -> Security system -> System policy manager. Database Tab Database location and domain To limit users to only using one DT Max database, enter the location of that database. If a user tries to run using a different database, DT Max will run in Demo mode, which will prevent filing a valid tax return. If you do not need this restriction leave this field blank. Similarly you can limit users to running DT Max only on a specified domain. If a user tries to run on a different domain, DT Max will run in Demo mode. If you do not need this restriction leave this field blank. Note that the system policy settings are stored in the file DTWPOL which is linked to the licence key file, DTWKEI, which in turn is created in every database. Entering a database location in the System policy manager prevents the DTWKEI and DTWPOL from being copied and used to validate other databases.
Normally preferences and settings are stored in .INIT setup files, which have a format similar to standard Windows .INI files. Because these can be edited in a simple text editor it is possible for fraudulent or accidental changes to be made. To guard against this you can require that the setup files be locked. In this case they are encrypted using the database encryption password, and cannot be changed outside of DT Max without invalidating them. If the System policy requires locked setup files (.INIX files) then it will start in Demo mode if these are not present or are invalid.
These tabs contain identical controls, but allow you to make different policy settings for the System supervisor and for Other users.
If you need to prevent your users from using certain of the features of DT Max, select that feature to be disabled in this section.
If you need to prevent your users from making any changes to their DT Max preferences, select one or more of the preference sections. This will prevent the users from being able to change those settings in DT Max, and will also prevent any of those settings being read in from the users' personal .INIT files. Relationship between the System policy and the Security system An DT Max administrator should look first to using the Security system to control access to its DT Max database. This provides password protection to the data in your company's database, and also offers many controls to prevent unauthorized or inexperienced users carrying out specified actions in DT Max. The security system provides strict password controlled encryption of the client data, and controls access to features within DT Max. The System policy is an additional layer aimed at preventing fraudulent or accidental misuse of a company's DT Max licence and client base.
Control of these pieces of information is vital to the integrity of your Security system and System policy. Only trusted administrators should be in possession of this information. Possession of the database encryption password enables changes to be made to the security system such as adding users, and changing privileges. It also allows the System policy to be reconfigured. Possession of the DT Max licence key enables other databases to be set up,
which could potentially be used to file valid tax returns that do not appear
on your main company client database.
September 14, 2007 |
