Terminal Server w/ QB 2006

Do you have a problem making up you mind or to you just like hearing yourself talk?

"We are quite happy with it." "We are looking at QB alternatives again."

I think that he is looking for accurate info so that he can make an intelligent decision. Is there something wrong with that?

You know Allan at first I thought you were a rude ignorant man, now I find you very amusing, and quite often cut through to point. Regards

Greg

Why can't he be both?

When some one complains about how the food tastes and at the same time comments how small the portions are it gives one for concern.

Well, the data sheet says it works in Terminal Server so it must :)

"Use in a Terminal Server environment is supported for Windows XP Pro/2000 Server/Server 2003 Terminal Services"

They would be shooting themselves to destroy the Terminal Services compatibility since that is by an order of magnitude the best performing and most reliable way to use Quickbooks in a multi-user configuration.

To me the big new features in 2006 that make me think it is worth the upgrade are in the Enterprise version:

1) The move to some kind of SQL back end - giving better performance and scalability for larger reports, and more than five simultaneous users

2) The use of far more granular security rules. To me this is a big benefit; the existing security rules are beyond pathetic....

Mike,

I have appreciated your help with Terminal Services in the past.

Have you installed any QB2006 with TS yet ?

The Intuit web site states in KB ID# 124603 that QB 2006 Start, Simple, Pro and Premier are not supported in a Terminal Server environment.

Thanks,

*Watt

Will,

Thanks for the reply.

Do you have a reference on that ?

Here is QB 2006 knowledge base article 124603.

"Title: Microsoft Terminal Server functionality for QuickBooks KB ID#:124603 Products Affected:QuickBooks 2006 All Versions Categories:Install/Convert

Question: Does QuickBooks work in a Windows Terminal Server environment?

Answer: QuickBooks: Simple Start, Pro, and Premier editions are not supported in a Windows Terminal Server environment. QuickBooks Enterprise Solutions is supported in a Windows Terminal Server environment and can easily connect your multiple office locations and remote workers using the third-party software of Windows Terminal Services. "

Thus you can see my concern.

Thanks,

*Watt

Hey, for the psychologists out there, Allen just about defines "projection".

Thanks, Allen

This has been the Intuit party line for ever. "Not Supported" does not necessarily mean "Does not work".

Mike Schumann

Mike,

Yeah, I know.

But I hate to invest in the 5-user version only to find out "this time we mean it". You may recall that with QB2001 one of Intuit's updates blocked using online services while in Terminal Server mode.

Have you actually installed QB2006 on a Terminal Server yet ?

Previous versions of QB had a couple tricks published on the web to get TS running well. Since the file sharing method has changed, I was anticipating that the installation for TS likely has changed as well.

Just doing my due diligence here.....

Thanks again,

*Watt

Will,

Looking at buzz on quickbooksgroup.com about installing QB2006 Pro makes your security comment quite timely.

Apparently you have to grant full administrator privs on the server to anyone who uses QB 2006 Pro.

Here's a 12/2/2005 post from MiaAPQB. (I'll clip the parts about 3 hour hold times to talk to an unhelpful tech in India)

"Well, I got the answer today, after calling several times and being very persistant. On a server install, all users must have administrator rights, that is the only way it will work. I was told, that they are working on it and it will be fixed in one of the updates."

What a security nightmare that would be!

I guess I will wait for a later release, and see what Intuit does as far as bug fixes. Given the problems with QB2006, it may be better to pick up a discounted copy of QB2005 and wait to upgrade in 2007 or 2008.

For our company, pricing is not the only parameter we look at. Out time is worth money to us. If a program is too disruptive, we will avoid it like the plague. These QB upgrades are way too disruptive. We can't afford the downtime, and have no interest in chatting with folks in India for hours on end.

Cheers,

*Watt

I haven't tried it yet.

Why not get an evaluation copy of QB 2006 and try it yourself?

Mike Schumann

P.S. Post your results.

Are you sure you have to be administrator? QB 2005 required you to be a "Power User", which is not as big an issue.

Mike Schumann

Mike,

Great idea!

I scanned around the QB web site, and I couldn't find a link for that. I know that previous years had evaluation versions.

Do you have a link or address I can use to request an evaluation copy?

Worst case scenario would be buy the product, and then return it within 60 days if not satisfied, but I hate to shell out 700 clams and then beg for a refund.

Thanks ,

*Watt

Do a search on evaluation copy on the Quickbooks.com web site or in google. They still are offering this on their accountant web sites. I'm not sure why they aren't pushing this for normal people.

Mike Schumann

Watt, it doesn't surprise me that Quickbooks requires administrators rights. That probably is a giant hack that just makes it easier for them to support the product, and there probably *is* a way to secure everything for users. The catch is do you have an extremely smart security consultant who you are willing to pay $100/hr for 20 hours to have him debug all of the registry and file system permissions in order to reconfigure the installation to make it more secure?

It's one of my greatest frustrations that Windows XP, 2000, and 2003 cannot be easily secured. Security is just really hard work. The software vendors know that, which is why they largely ignore the issue. And it's a lot easier to support a hack like "Make every user administrator" than to really think through the NTFS file permissions required to support secure access to the application. That's one reason we are starting to put every member server onto its own dedicated segment behind a firewall. The firewalls at least help to contain spread of any contamination that gets onto a machine.

It sure suprises me. The only thing that actually runs on the server is the Quickbooksdb service if the server is to host a QB 2006 file. There is no reason why users accessing the shared data from their workstations need to have administrative rights on the server itself. The only permissions theses users should require are read and write to the shared folder.

Personally do not believe for one moment what was said about users needing administrative rights in the post. I think we are discussing bullshit here.

We were discussing the case where the application runs by Terminal Services. That means that all users are logging into the same machine that has both the data and the binaries, and in effect all of those users login locally simultaneously to use the Quickbooks binaries and data locally.

We have seen problems in earlier versions of Quickbooks on file sharing in a Terminal Services configuration, if you want to restrict most file access to read only. The files that need to be read-write (such as the dictionary) are often spread out secretly among all the files. You end up having to use low level utilities like the ones made by SysInternals to see which files Quickbooks wants access to, and at what level. Even then, you typically only debug the minimum necessary and end up with the occasional strange message in Windows server eventviewer that cannot be easily explained.

In earlier versions of Quickbooks at least, it doesn't appear that Intuit invested one dime in thinking through the details of what kind of permissions each file would need to have. Telling us to make all users who login locally via Terminal Services members of the Administrators is something some vendors do, unfortunately. Actually most of them simply say "not supported" when asked about Terminal Services because they don't want liability if you make the user administrator. It typically means they put someone novice on it for a few days, and the only way he could make the configuration work was by becoming administrator. I guess it is hard enough to make the software work at all, let alone to think through the intricacies of a real security model.

The friendliness of Windows is just a facade for people who don't really understand technology. Underneath the superficial layer, it is not just unimaginably complex (e.g., the registry, the file ACLs that co-mingle local system and domain entities, and the poorly documented security policy ACLs), it is also unimaginably ugly and unimaginably disfunctional, and the more money I dump into expensive projects to secure it, the more I realize that it is not securable in any budget that is economic. Windows 200x is the operating system that costs $500 to buy and $20K to make safe, and after you spend that $20K it is only safe from about 96% of all users. The other 4% know more than your consultants knew, and they can just take whatever their ethics let them rationalize.