Microsoft periodically releases updates for its operating systems through an automated engine known as Windows Updates or Microsoft Updates. In many restaurants, workstations simply don’t have Internet access, and are therefore unable to get these important updates. These updates are absolutely necessary to ensure smooth operation of your system, and all updates labeled as “Critical” by Microsoft are absolutely necessary in order to maintain PCI-DSS compliance.

Manual updates

Whenever possible, the back-office PC should be allowed to install Windows updates automatically. However, even with automatic updates, some important updates (often called “recommended updates”) may not be installed. For this reason, you must run Windows Update manually from time to time, and install all recommended updates, not only the critical ones.

POS Workstation Updates

Just like the main back-office PC, POS workstations also need to be updated through Windows Updates. If the POS workstations don’t have direct internet access, make sure to get them connected at least periodically so they get all the latest updates and fixes. As with the main back-office PC, make sure to periodically run Windows Updates manually, and install any and all recommended updates in addition to critical updates.

Maitre’D 8 and Microsoft SQL Server 2008 R2

Windows Updates / Microsoft Updates will also update other Microsoft products you may have. If you are using Maitre’D 8, you also have Microsoft SQL Server 2008 R2 installed. Be sure to manually run Microsoft Updates periodically and be on the lookout for available updates and service packs for this product as well.

Once the latest drivers are installed for the network hardware, all the available settings and features will be unlocked. These settings and features are very often overlooked. Not only can they improve networking performance, but they can also improve general system performance by freeing up memory and CPU time by relieving the operating system of some basic tasks.

There are far too many manufacturers, device types and models to list all possible settings here. For a complete list of settings and features for your specific hardware, please consult your manufacturer’s website and documentation. Here is a quick list of settings that are common to almost all network adapter cards:

Speed settings

For 100Mbps and gigabit adapters, the speed will most likely be set to some kind of “auto detect” setting. The auto-detect feature generates a small amount of unneeded traffic to detect the speed of the network. If you know the actual speed at which your network is running, then make sure to select the same speed everywhere, instead of using the auto-detect feature. For example, if you have 100Mbps switches and adapters everywhere, then select 100Mbps on all your adapters and other network hardware you may have, such as switches, hubs, routers, etc.

Avoid “Throttling down”

Using components of different speeds on the same network or “Throttling down” generates a lot of overhead that will cause slower components to operate even slower than their nominal speeds.

For example, some newer network equipment supports Gigabit Ethernet (1000 Mbps), while some older equipment may still only support up to 100 Mbps. When working with such a mixed environment, make sure to use the highest common denominator, so that all equipment operates at the same speed setting. For instance, if a switch can operate at 10, 100 and 1000 Mbps but your main back-office computer can only support 10 and 100 Mbps, then configure everything to operate at 100 Mbps.

Duplex settings

Typically, available choices are Full Duplex or Half Duplex. An adapter working in Full Duplex can work at full speed while receiving and transmitting at the same time. An adapter working in Half Duplex can work at full speed while receiving, or at full speed when transmitting. If it is doing both at the same time, then the transmit/receive speed is cut in half.

For example, if you have a 100Mbps adapter running in half-duplex, it would be able to transmit at 100Mbps or receive at 100Mbps. However, if it is transmitting and receiving at the same time, then it would transmit at 50Mbps and receive at 50Mbps.

Adapters should always be set to Full Duplex. If that setting is not available, see if a driver update is available, or simply replace the network adapter with one that supports full duplex.

TCP/IP offloading

TCP/IP offloading should be enabled on all adapters that support it. This setting forces the network adapter to take care of TCP/IP transmit and receive checksums, instead of the operating system. This frees up CPU time as well as memory, and the adapter card performs much better than the operating system at these tasks. It can improve networking performance as well as general system performance.

Network Interface Card (NIC) Drivers

The very first step to ensure top performance from the network is to obtain and install the very latest available driver for your Network Interface Card (NIC). These drivers can be obtained from the manufacturer of the network interface card or networking chipset. Here is a list of some of the most popular brands and manufacturers: • 3Com • Realtek • Intel • D-Link • Netgear • Cisco / Linksys • Belkin • TRENDnet • StarTech • TP-Link

Microsoft Generic drivers

Very often, Windows will install a Microsoft generic driver for a device. While these drivers allow the device to function at a basic level, it may not be able to unlock all the features of the device. Whenever a device is using a Microsoft generic driver, steps should be taken to obtain and install the latest available manufacturer-approved driver.

System Manufacturers

If you own a PC that was manufactured by a major manufacturer such as Dell, HP/Compaq, IBM or others, you may not always have the latest drivers provided by the manufacturer. Always check your PC manufacturer’s site first, and then check your NIC manufacturer’s site, in case a more recent driver is available for your device and operating system

Multiple operating systems on the same network

Having the very latest driver available is crucial, especially if multiple operating systems are in use in your network, such as Windows Embedded POS Ready 2009 and Windows 7

Network equipment firmware

Network equipment, such as hubs, switches and routers have built-in firmware that can be updated. Check the manufacturer’s website to find the latest available firmware for your hardware, and apply these updates.

Hardware type

The hardware chosen plays a big part in network performance. For example, using an Ethernet switch will provide more bandwidth than a hub at the same speed, due to the full-duplex capability and the elimination of network collisions. Network cables are often neglected, yet they play a big part in the performance as well.

For instance, using Cat5e cables on a Gigabit Ethernet network may work, but you may find that the performance of such a network is worse than a 10BaseT network, because the cables are not suitable for the equipment.

What is UAC?

User Account Control (UAC) is a technology and security infrastructure introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012 and Windows 10. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorizes an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges, and malware should be kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorizes it.

Disabling UAC

DO NOT disable UAC. Before installing Maitre’D, make sure that UAC is active and set to the default (Recommended) level. As a security feature, UAC is required to operate at all times on all Windows systems that support it. This is also necessary to maintain PCI-DSS compliance on all systems using Electronic Funds Transfer, even in EMV environments.

Normally, all the required exceptions are automatically added to the Windows firewall the first time you start Maitre’D. However, to ensure fluid communications between multiple operating systems, additional firewall rules could be setup.

Here are the instructions to create rules in the Windows Firewall under Windows XP Professional. These steps are somewhat similar to those of Windows 7. Of course, there are other Firewalls available, but there are far too many to give detailed instructions about all of them. For more details on setting up rules for other firewalls, please consult the documentation that was provided with the software that you purchased.

1- Click the Windows Start button, and select the Control Panel option.

2- Double-click on Windows Firewall

3- Click on the Exceptions tab.

4- Click on Add Program…

5- Click Browse…

6- Browse to C:\POSERA\MaitreD\PRG, select the file called bosrv.exe, and click Open.

7- The program will be displayed in the list.

8- Repeat the above steps for the following programs, which are all located under C:\POSERA\MaitreD\PRG.

a. Bosrveft.exe b. Boreport.exe

9- Click OK to close this window.

10-You will be back to the Exceptions tab. Now, click on Add Port.

11- You will be opening port 1001 on the firewall. This port is used for Workstation communication. Therefore, give a meaningful name to this rule, such as “Maitre’D Workstations”, and type in 1001 in the port number field.

12- Select the TCP option, and then click OK to save this rule. 13-Create another port rule for port 1002 using the same steps as above. 14-Lastly, click OK to save your settings and close the Windows Firewall configuration window.

If you have a different firewall or if you are using a different version of Windows, please consult the relevant documentation which came with your software to learn how to setup exceptions and rules.

Please read the next section for a complete list of ports and applications used in Maitre’D 7.05 and Maitre’D 8.

Reorder and optimize protocols

1- Click the Windows 7 Orb, and select the Control Panel option.

2- Under Network and Internet, click on View network status and tasks.

3- On the left-hand side, click on Change adapter settings.

4- Select the Local Area Connection, or any connection you use to connect to the Maitre’D network, and click the Advanced menu.

a. If you can’t see the menu bar, click on the Organize button, point to Layout and click on the Menu Bar option.

5- From the Advanced menu, select the Advanced Settings… option.

6- As the Advanced Settings window opens on the Adapters and Bindings tab, locate the Local Area Connection in the top part of the window.

7- Select the Local Area Connection, and click the green up-arrow button to move it towards the top of the list.

8- Make sure that the Local Area Connection is at the very top of the list.

9- Make sure that the Local Area Connection remains selected. Then, using the same method as described above, make sure that the Internet Protocol Version 4 (TCP/IPv4) is listed first under each binding.

10-Repeat step #9 for each connection. For example, if you have multiple NIC cards, wireless adapters or VPN connections, make sure that the TCP/IPv4 protocol comes first for each of them.

11-Click on the Provider Order tab, and locate the Microsoft Windows Network provider.

12-Select the Microsoft Windows Network provider, and click the green up-arrow until it reaches the top of the list.

13-Click OK to save your settings and close this window.

14-Repeat these steps for each and every connection you use for Maitre’D on this PC, if there is more than one.

15-Repeat these steps on all Windows 7 PCs across your network.

Disable TCP/IPv6

The 128 bit TCP/IPv6 is the protocol that is meant to replace the current 32 bit TCP/IPv4 protocol. However, as of November 2016, TCP/IPv6 traffic barely represents 16% of all the Internet traffic monitored by Google1 . Furthermore, TCP/IPv6 used in conjunction with TCP/IPv4 on the same system is known to have caused communication issues.

For these reasons, it is recommended that the TCP/IPv6 be disabled on all systems that support it. These include:

• Windows 7 • Windows 8.1 • Windows 10 • Windows Server 2008

Warning!

Before disabling the TCP/IPv6 protocol, please ensure that it is not used within the organization and that there are no plans to do so in the near future. Also, please confirm this information with the local IT department or system administrator. Note that disabling the TCP/IPv6 is not permanent. It can very easily be re-enabled should it be required in the future.

1- Click the Windows 7 Orb, and select the Control Panel option.

2- Under Network and Internet, click on View network status and tasks

3- On the left-hand side, click on Change adapter settings.

4- Right-Click the Local Area Connection, or any connection you use to connect to the Maitre’D network, and select the Properties option.

5- The Local Area Connection Properties window will open. Remove the check mark from Internet Protocol Version 6 (TCP/IPv6).

6- Click OK to save the changes, and close all other remaining windows.

If there is a need to re-enable Internet Protocol Version 6 (TCP/IPv6), simply follow the exact same steps as described above to reach the local area connection properties, and re-enable the checkmark.

Here is a list of all default ports and processes commonly used in Maitre’D 7. Use this list to help in building rules and exception for firewalls and Anti-Virus software.

TCP Ports

TCP Port 1001

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: BOSRV.EXE, POS.EXE, STARTER.EXE. Network: LAN only This is the default port used by the Maitre’D Back-Office server to initiate communication with the workstations and needs to be open for inbound and outbound traffic on the local network only. This port is user-configurable in Server Control / View / Options / Advanced / TCP/IP Port.

TCP Port 1002

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: All Maitre’D applications Network: LAN only This port is used by workstations to initiate communication with the Maitre’D Back-Office server and needs to be open for inbound and outbound traffic on the local network only. This port number could change depending on what has been configured as default communication port. The port number will always be Default Port + 1. For instance, if the default port is set to 5000, then workstations will use TCP port 5001 to initiate communications.

Ports for Electronic Funds Transfer (EFT)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider. Network: LAN and Internet Ports used for EFT vary according to processors / acquirers. Please review the documentation provided by your EFT processor / acquirer to learn which ports need to be opened. For some interfaces, the TCP port is user-configurable through EFT / View / Options / Interface. In all cases, ports used need to be opened for inbound and outbound traffic over the local network as well as over the internet.

Room Charge Interface (TCP/IP based protocols only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, varies according to service provider. Network: LAN only The TCP port used for the Room Charge / Hospitality / PMS interface is userconfigurable from Server Control / View / Options / Room Charge / Communication / IP Port. Please review the documentation provided by your Room Charge / Hospitality / Property Management software provider.

Frequent Diner Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, varies according to service provider. Network: LAN and Internet The TCP port used for the Frequent Diner interface is user-configurable from Server Control / View / Options / Frequent Diner / Communication / TCP Port. Please review the documentation provided by your Frequent Diner interface provider.

Gift Certificate Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider. Network: LAN and Internet The TCP port used for the Gift Certificate interface is user-configurable from Server Control / View / Options / Gift Certificate / Communication / TCP Port. Please review the documentation provided by your Gift Certificate interface provider.

Table Management Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, MDProcessor.exe, varies according to service provider. Network: LAN and Internet The TCP port used for the Table Management interface is user-configurable from Server Control / View / Options / Table Management / Port. Please review the documentation provided by your Table Management interface provider.

Schedule Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, MDProcessor.exe, varies according to service provider. Network: LAN and Internet The TCP port used for the Schedule interface is determined by the service provider. In Maitre’D, a URL to communicate with the service provider is configured in Time & Attendance / View / Options / Schedule Interface. Please review the documentation provided by your Table Management interface provider.

Note on Threaded Communication

If your system has the Threaded Communication enabled (ThreadedComm=2 in the bo.ini) more ports are actually used by Maitre’D to communicate with workstations. With this option enabled, Maitre’D receives data over ports 1001 and 1002, and then replies to the workstation over another port so that TCP Ports 1001 and 1002 remain free.

The port number that will be used by Maitre’D to reply to the workstation is determined by the Windows network driver. Typically, the first available port will be used. These extraneous ports are used for outbound communication only, so they should not be blocked by your local firewall.

Processes / Applications

In order to ensure smooth operations, rules should be added to firewalls and anti-virus software so that the following processes and applications are never blocked or scanned:

Bosrveft.exe

This is the process managing all Electronic Funds Transfer (EFT) transactions. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

BoReport.exe

This application is actually the Report Center module. It does not need to communicate through firewalls, but it does need to be excluded from virus scans or other software which may interpret BoReport.exe’s behavior as a threat.

GHServer.exe

This is the process that manages E-Global Head-Office server communication with restaurants. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

GHClient.exe

This is the process that manages E-Global communication from the restaurant to the Head-Office server. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

MDProcessor.exe

This is the process that manages the Maitre’D Schedule and Table Management Interfaces. If used, this process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication.

Certificate validation

On corporate networks with high levels of security and restrictions, Security Alerts about security certificates like the examples below may appear:

To resolve this issue :

1- Ask the network administrator or IT department to unblock / whitelist the following

URL: http://ocsp.pki.goog

Once you receive confirmation from your IT department or network administrator that the URL has been unblocked or whitelisted, you can confirm that the issue is resolved by following these steps:

1- open an internet browser window (Google Chrome, Microsoft Edge, Firefox, etc…), then copy the URL below and paste it into your browser’s address bar:

http://ocsp.pki.goog/GTSGIAG3/MFEwTzBNMEswSTAJBgUrDgMCGgUA BBT27bBjYjKBmjX2jXWgnQJKEapsrQQUd8K4UJpndnaxLcKG0IOgfqZ% 2BuksCEAMtBRMuCmJTJfoYmAg9mqk%3D

2- A prompt to download a file should appear.

3- Click the Cancel button. (There is no need to actually download this file. The simple fact that the download prompt comes up is enough to tell that the URL was correctly unblocked.)

The issue is now resolved.

Main Back-Office

On the Main Back-office PC, the MaitreD folder, located in C:\POSERA\MaitreD, needs to be shared for all workstations to see. All workstations need Full Control over that shared folder, as files will be read, written, modified, deleted, and executed.

If Windows 7 is in use, please see the Advanced Sharing options section above.

Backup Serve

On the backup server, the MaitreD folder, located in C:\POSERA\MaitreD, is not shared. However, it will automatically become shared if the backup server needs to take over from a failed main back-office. Therefore, the user which is logged on to Windows on that PC needs to have enough access to be able to change sharing settings. The application that will change the sharing is bosrv.exe.

Here is a list of all default ports and processes commonly used in Maitre’D 8. Use this list to help in building rules and exception for firewalls and Anti-Virus software.

TCP Ports

TCP Port 443 Traffic: Inbound and Outbound Protocol: TCP Services: https over SSL/TLS Applications: N/A Network: LAN, WAN and Internet This is the port used by Microsoft B.I.T.S. to securely transfer files from the Maitre’D Back-Office over to Posera’s secured file server. Microsoft B.I.T.S. uses https over SSL/TLS for secure transfer, so this port needs to be open for outbound traffic. Also, this port is required for all https traffic, so it needs to be open for inbound traffic as well.

TCP Port 1001

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: BOSRV.EXE, POS.EXE, STARTER.EXE. Network: LAN only This is the default port used by the Maitre’D Back-Office server to initiate communication with the workstations and needs to be open for inbound and outbound traffic on the local network only. This port is user-configurable in Server Control / View / Options / Advanced / TCP/IP Port.

TCP Port 1002

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: All Maitre’D applications Network: LAN only This port is used by workstations to initiate communication with the Maitre’D Back-Office server and needs to be open for inbound and outbound traffic on the local network only. This port number could change depending on what has been configured as default communication port. The port number will always be Default Port + 1. For instance, if the default port is set to 5000, then workstations will use TCP port 5001 to initiate communications.

TCP Port 4256

Traffic: Inbound and Outbound Protocol: TCP, UDP Services: Applications Applications: BOSRV.EXE, POS.EXE, STARTER.EXE, OCS.EXE, MDTransServer.exe, MDTransClient.exe, UtilityCenter.exe Network: LAN only This port is used by the Maitre’D OCS configuration to communicate between the Maitre’D Back-Office server and all the OCSes operating in the restaurant. This port needs to be open for inbound and outbound traffic on the local network only. Note that UDP broadcasts are used on this port to discover peers.

TCP Port 11000

Traffic: Inbound and Outbound Protocol: TCP Services: Applications Applications: BOSRV.EXE, MDMonitor.exe Network: LAN only This port is used by the Maitre’D Back-Office server to communicate with the Maitre’D Monitor Service (MDMonitor.exe). This port needs to be open for inbound and outbound traffic on the local network only.

Ports for Electronic Funds Transfer (EFT)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider. Network: LAN and Internet Ports used for EFT vary according to processors / acquirers. Please review the documentation provided by your EFT processor / acquirer to learn which ports need to be opened. For some interfaces, the TCP port is user-configurable through EFT / View / Options / Interface. In all cases, ports used need to be opened for inbound and outbound traffic over the local network as well as over the internet.

Room Charge Interface (TCP/IP based protocols only) Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, varies according to service provider. Network: LAN only The TCP port used for the Room Charge / Hospitality / PMS interface is userconfigurable from Server Control / View / Options / Room Charge / Communication / IP Port. Please review the documentation provided by your Room Charge / Hospitality / Property Management software provider

Frequent Diner Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, varies according to service provider. Network: LAN and Internet The TCP port used for the Frequent Diner interface is user-configurable from Server Control / View / Options / Frequent Diner / Communication / TCP Port. Please review the documentation provided by your Frequent Diner interface provider.

Gift Certificate Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, BOSRVEFT.EXE, varies according to service provider. Network: LAN and Internet The TCP port used for the Gift Certificate interface is user-configurable from Server Control / View / Options / Gift Certificate / Communication / TCP Port. Please review the documentation provided by your Gift Certificate interface provider.

Table Management Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, MDProcessor.exe, varies according to service provider. Network: LAN and Internet The TCP port used for the Table Management interface is user-configurable from Server Control / View / Options / Table Management / Port. Please review the documentation provided by your Table Management interface provider.

Schedule Interface (Third-party interfaces using TCP/IP only)

Traffic: Inbound and Outbound Protocol: Varies according to service provider Services: Varies according to service provider Applications: BOSRV.EXE, MDProcessor.exe, varies according to service provider. Network: LAN and Internet

The TCP port used for the Schedule interface is determined by the service provider. In Maitre’D, a URL to communicate with the service provider is configured in Time & Attendance / View / Options / Schedule Interface. Please review the documentation provided by your Table Management interface provider.

Note on Threaded Communication

In Maitre’D 8, Threaded Communication is always enabled and cannot be disabled. This means that more ports are actually used by Maitre’D to communicate with workstations. With Threaded Comms, Maitre’D receives data over ports 1001 and 1002, and then replies to the workstation over another port so that TCP Ports 1001 and 1002 remain free.

The port number that will be used by Maitre’D to reply to the workstation is determined by the Windows network driver. Typically, the first available port will be used. These extraneous ports are used for outbound communication only, so they should not be blocked by your local firewall. However, firewalls on the receiving end need to be able to accept communication on those ports.

Processes / Applications

In order to ensure smooth operations, rules should be added to firewalls and anti-virus software so that the following processes and applications are never blocked or scanned:

Bosrv.exe

This is the Main Back-Office server process which needs to be running at all times for your Maitre’D system to work. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

Bosrveft.exe

This is the process managing all Electronic Funds Transfer (EFT) transactions. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network as well as over the internet

BoReport.exe

This application is actually the Report Center module. It does not need to communicate through firewalls, but it does need to be excluded from virus scans. Historically, this application was often viewed as a virus by many major Anti-Virus suites, and was also very often blocked by Windows’ Data Execution Prevention engine. To ensure smooth operation of reports, this application needs to be excluded from any scan or security feature which can potentially block it.

MDProcessor.exe

This is the process that manages the Maitre’D Schedule Interface and the Table Management interface. This process needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network as well as over the internet.

Maitre’D 8 Services

Maitre’D Communication Server

Executable name: MDTransServer.exe This service manages communications between Maitre’D and OCS devices on the network. This service needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

Maitre’D Communication Client

Executable name: MDTransClient.exe

This service manages communications from OCS devices on the network. This service needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

Maitre’D Monitor Service

Executable name: MDMonitor.exe

This service oversees special operations with the workstations and also manages the posting of transactions to the SQL Database. This service needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

Other Services – Maitre’D 8

In order to operate properly, Maitre’D 8 requires other services to be running. These services are generally provided by Microsoft, and are automatically configured during the installation of Maitre’D 8.

Background Intelligent Transfer Service

Executable name: C:\Windows\System32\svchost.exe -k netsvcs

Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.

The Maitre’D Communication Server and Maitre’D Monitor services are both dependant on this service. It needs to be running at all times. This service needs to be excluded from virus scans and allowed through the firewall for inbound and outbound communication on TCP Port 443, for the local network, across corporate WANs and over the internet.

SQL Full-Text Filter Daemon Launcher

Executable name: fdlauncher.exe

Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make fulltext search features of SQL Server unavailable.

This service needs to be running at all times, be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

SQL Server

Executable name: Sqlservr.exe

Provides storage, processing and controlled access of data, and rapid transaction processing. This service needs to be running at all times, be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

SQL Server Agent

Executable name: SqlAgent.exe

Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks. This service needs to be running at all times, be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

SQL Server Browser

Executable name: Sqlbrowser.exe

Provides SQL Server connection information to client computers

This service needs to be running at all times, be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

SQL Server Reporting Services

Executable name: ReportingServicesService.exe

Manages, executes, renders, schedules and delivers reports.

This service needs to be running at all times, be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

SQL Server VSS Writer

Executable name: SQLWriter.exe

Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.

This service needs to be running at all times, be excluded from virus scans and allowed through the firewall for inbound and outbound communication across the local network only.

Windows 7 or later

The instructions below only apply to the Windows 7 or later operating systems. These are new options that were not available in previous versions.

1- Click on the Windows 7 start button, and select the Control Panel option.

2- Click on Network and Internet

3- Click Network and Sharing Center.

4- On the left-hand side, click Change advanced sharing settings.

5- Configure the settings for Domain and Work profiles as illustrated on the following page.

a. Select Turn on network discovery. b. Select Turn on file and printer sharing. c. Select Turn off Public Folder sharing. d. Select Use 128-bit encryption to help protect file sharing connections.

Description

Windows Server 2003, Windows Server 2008 and Windows Server 2012 all have the Data Execution Prevention (DEP) security tool enabled for all programs and services by default. This feature is required for security purposes, and should never be disabled for any reason. This feature prevents applications from running malicious code on your server and is essential for its protection. It is also required for PCI-DSS compliance.

However, Maitre’D processes and executable files need to be excluded from DEP in order for some Maitre’D features to work properly. This section will explain how to exclude Maitre’D files and processes from DEP.

Excluding Maitre’D Processes from DEP

1- Click the Windows Server 2008 Start button, and select Control Panel.

2- Select System and Security.

3- Select System

4- On the left-hand side, click on Advanced System Settings.

5- The System Properties window will open on the Advanced tab. Click the Settings… button located in the Performance section.

6- Click the Data Execution Prevention tab, and click the Add… button.

7- Select the executable file to be excluded from DEP, and click the Open button.

8- A new entry will be added to the DEP list as Maitre’D Suite.

9- Repeat the process for all Maitre’D executables that need to be excluded from DEP. They will all be listed as Maitre’D Suite. This is normal.

List of executables to exclude from DEP

All versions

• C:\POSERA\MaitreD\PRG\BoSrv.exe • C:\POSERA\MaitreD\PRG\BoSrvEFT.exe • C:\POSERA\MaitreD\PRG\Bo.exe • C:\POSERA\MaitreD\PRG\Boar.exe • C:\POSERA\MaitreD\PRG\Bocnfg.exe • C:\POSERA\MaitreD\PRG\Bodeliv.exe • C:\POSERA\MaitreD\PRG\Boeft.exe • C:\POSERA\MaitreD\PRG\Bofloor.exe • C:\POSERA\MaitreD\PRG\Bogl.exe • C:\POSERA\MaitreD\PRG\Boinv.exe • C:\POSERA\MaitreD\PRG\Bopos.exe • C:\POSERA\MaitreD\PRG\BoReport.exe • C:\POSERA\MaitreD\PRG\BoTa.exe • C:\POSERA\MaitreD\PRG\Converter.exe • C:\POSERA\MaitreD\PRG\Mapper.exe • C:\Windows\System32\Crypserv.exe • C:\ProgramData\Posera\Maitre'D\8(or 7)\Crp32002.ngn

Maitre’D 7.05 only

• C:\POSERA\MaitreD\PRG\BoUtil.exe

Maitre’D 8.0 only

• C:\POSERA\MaitreD\PRG\DatabaseCenter.exe • C:\POSERA\MaitreD\PRG\BoSafe.exe • C:\POSERA\MaitreD\PRG\MDAgent.exe • C:\POSERA\MaitreD\PRG\MDEODMonitor.exe • C:\POSERA\MaitreD\PRG\MDMonitor.exe • C:\POSERA\MaitreD\PRG\MDProcessor.exe

Internet Explorer settings for Maitre’D 8

These settings need to be configured in Internet Explorer, or directly in the Internet Options in the Windows Control Panel. This only applies to Maitre’D 8.0 or later.

These settings are meant to resolve the issue where a Windows logon prompt would appear while trying to load the Maitre’D 8.0 KPI reports.

1- Click on the Windows 7 start button, and select the Control Panel option

2- Click on Network and Internet.

3- Click Internet Options.

4- Click on the Security tab, then on Local Intranet and then click on Custom Level…

5- Scroll all the way down the list and choose Automatic logon with current user name and password

6- Click OK to close this window.

7- Make sure that all instances of Internet Explorer and all Maitre’D Modules are closed, then start the Maitre’D Back-Office again. You should no longer be prompted for your Windows Username and password

If you are still being prompted for a Windows username and password, try rebooting the computer. If it is still doing it after the reboot, then you may need to enable the same configuration for the Internet zone.

8- Follow the same steps as above to reach the Internet options.

9- This time, from the Security tab, select Internet and perform the same configuration as explained for the Local Intranet zone.

Windows 7 or later

The user that is logged on needs to have Full Control over the following folders: • C:\POSERA • C:\ProgramData\Posera\Maitre'D\7 For all operating systems, the user needs to have sufficient access to be able to install applications such as service pack updates.