Upgrade Permissions - Hybrid Configuration

Whilst many schools have successfully configured their systems to apply workstation updates using SOLUS 3, our recommended approach is to apply the upgrade to the SIMS server using SOLUS 3 and configure SOLUS 3 to auto-extract a setups folder which contains the latest versions of the executables which are triggered whenever SIMSLoad.exe is run on the client machine (this file is run whenever SIMS is launched from the SIMS Applications programme group).

In order to run these files (S:\SIMS\Setups\SIMSApplicationserup.exe etc.), users of SIMS .net must be granted the appropriate system access rights to areas of the c:\ drive.

It would be recommended with the current technology available to manage users workstation permissions and system access through Active Directory/Group Policy.

A file contained within the S:\SIMS\Setups folder, SIMSPerm.bat can be run to achieve the appropriate level of access rights for each SIMS .net user on their designated workstation. With SIMSPerm.bat, these access rights can be assigned either on an individual or a group basis. For simplicity, it is suggested that you run the batch file with the parameter for the system groups, to reduce the number of times it has to be run, assuming that the appropriate system groups have been set up. SIMSPerm.bat replaces some of the functionality originally provided by MSI Enabler. 

In Addition to running SIMSPerm.bat, SIMS users on the workstation must have the 'Full Control' to the following files and folders: 

- C:\Documents and Settings\Username\Local Settings\Application Data\Temp - OR - C:\Users\Username\AppData\Local\Temp
- C:\Windows\Temp
- My Documents
- C:\Windows\SIMS.ini
- SIMS .net folder (usually located in C:\Program Files\SIMS\) 
- S:\SIMS (where S:\ is the mapped folder) **NOTE: The SIMS share is likely to contain sensitive data that customers may not want accessible to their entire SIMS user base, e.g. Financial data. Customers should be aware of this when administering permissions to the share** 


Who Can Run SIMSPerm.bat? 

  • Only Local Administrators can run SIMSPerm.bat. 


What will happen if I do not run SIMSPerm.bat? 

  • Running SIMSPerm.bat is the easiest way and the recommended way of achieving the appropriate level of access rights in order to use SIMS .net modules. If you do not run SIMSPerm.bat, you will have to ensure that every user has been granted system administrator access rights before they can run upgrades to SIMS .net. 


Will SIMSPerm.bat work on Windows 8, 7, Vista or Server 2008, 2012

  • SIMSPerm.bat should work on Windows 8, 7, Vista and Server 2008, 2012. There is not a separate copy of this tool for these operating systems, however UAC (User Account Control) can prevent you from running it. Please refer to the UAC section below for advice on how to run SIMSPerm.bat if UAC prevents you from running it. 


Will SIMSPerm.bat work on 64-bit operating systems? 

  • There is not a 64-bit version of the SIMSPerm.bat tool available and unfortunately SIMSPerm.bat does not take into account 64-bit workstations where SIMS may be installed to. 


If the workstation uses a 64-bit operating system or if the SIMS .net client has been installed to another location, other than C:\Program Files\SIMS\SIMS .net, then you will need to update the batch script to point to the correct location as follows"

1. Select 'Start > Run' from the Task bar to open the Run dialog.

2. In the Open field, enter: S:\SIMS\Setups\SIMSPerm.bat (where S: is the network drive that holds the SIMS SQL Server and the filepath points to your SIMS Setups folder)

3. SIMSPerm.bat requires an additional parameter in order to identify the system user or group of system users for whom you wish to set access rights. Access rights can be set either for an individual user or for a group of users.

To assign the appropriate access rights to a single user, enter: S:\SIMS\Setups\SIMSPerm.bat <Domain Name>\<System User Name> 
e.g. S:\SIMS\Setups\SIMSPerm.bat ADMIN01\AUSER

or

S:\SIMS\Setups\SIMSPerm.bat <System User Name> 
(removing the Domain Name from the parameter will force the batch file to search for a locally stored user profile)

To assign the appropriate access rights to a group of users, enter: 
S:\SIMS\Setups\SIMSPerm.bat <Domain Name>\<System User Group>

4. Click the OK button. 

Running SIMSPerm.bat with UAC
If UAC (User Account Control) is preventing you from running SIMSPerm.bat on a Windows 8, 7 or Vista machine, you can either disable or set UAC to the lowest setting possible and reboot the machine (so that these changes can take affect), or you can run this tool by doing the following on the workstation: 
IMPORTANT NOTE: It is strongly recommended that UAC is only disabled temporarily or as a last resort, as disabling UAC could be a potential security risk. 
1. Go to: Start > All Programs > Accessories. 

2. Right click on 'Command Prompt' and select 'Run as Administrator' - Click 'Ok' if you receive a prompt asking you if you want to continue. 

3. Change the current directory to your SIMS Setups directory. E.g. CD S:\SIMS\Setups

4. Update and run the SIMSPerm.bat command as above, e.g. 

SIMSPerm.bat <System User Name> 
(removing the Domain Name from the parameter will force the batch file to search for a locally stored user profile)

To assign the appropriate access rights to a group of users, enter: 
SIMSPerm.bat <Domain Name>\<System User Group> 

Some Additional Notes

All SIMS users must have Read permissions to S:\SIMS (where S:\ is the mapped network folder to the SIMS Server). Please ensure that the connect.ini file in this location (if it exists) has Read/Modify permissions for all SIMS users.

Additional permissions for other folders may also be required. These additional permissions are necessary for a small number of users who are responsible for the completion of specific tasks and are discussed in the following section.

NOTE: The majority of users will remain unaffected and will require no additional permissions.

If any of the folders specified in the following section do not exist, please create them and then apply the prescribed permissions.

  • Users who are responsible for the import and export of NDC Results must have Read/Write/Modify permissions to the Folder locations specified in the Routines | Data Out | NDC Results andRoutines | Data In | NDC Results menu routes in SIMS.
  • Attendance users who are responsible for setting up attendance letter definitions must have Read/Write/Modify permissions to the S:\SIMS\Attend folder.
  • SEN users who are responsible for the creation and management of Individual Education Plans (IEPs) must have Read permissions to the IEP Writer Path specified in the Tools | Setups | SEN Setup menu route in SIMS.
  • Users who are responsible for the import and export of Common Transfer Files (CTFs) must have Read/Write/Modify permissions to the default folder locations (CTF import directory and CTF export directory) specified in the Tools | Setups | CTF menu route in SIMS.
  • Examinations Organiser users who are responsible for the publishing of Performance Reports must have Read/Write/Modify permissions to the Folder for Performance Reports location specified in the Tools | Examinations | PI Setup menu route in SIMS.
  • Examinations Organiser users who are responsible for the import and export of data from the software must have Read/Write/Modify permissions to the EDI directories (Inbox, Outbox and Holding Box) specified in the Tools | School Setup | School Details menu route in Examinations Organiser.
  • Cover users who are responsible for the publishing of cover arrangements must have Read/Write/Modify permissions to the location path (Publish to HTML) specified in the Tools | Cover | Global Settings menu route in SIMS.
  • Nova T6 users require full access to C:\Windows\SIMS.ini and read, write and modify permissions as a minimum to the SIMS\SNOVA directory (usually a path like S:\SIMS\SNOVA, where S:\ is the drive containing the SIMS directory).
  • FMS users who are responsible for the transfer of files (e.g. for use in CFR, Central Authorisation, etc.) must have Read/Write/Modify permissions to the transfer folder specified in Establishment Details (Folder). This location is specified in FMS via Tools | Establishment Details – System Parameters.
  • FMS users who are responsible for the creation of BACS files must have Read/Write/Modify permissions to the export folder (Out Directory) specified in Accounts Payable Parameters. This location is specified in FMS via Tools | Accounts Payable Parameters.