SOP - Setting the user rights in Windows 11

Note:

This SOP was prepared and tested on the computer with Windows 11 Pro operating system (English localization), with the latest updates (as of 16.12.2022) installed.

The whole process described in this walk through has to be performed by a person who has the system Administrator rights (for example a company IT worker). It assumes that the computer is freshly installed with no user accounts other than the administrator one. Clarity is supposed to be already installed. In case that user accounts are already present, (for example computer is connected to domain with domain user accounts), the IT worker performing following steps needs to apply following procedure to already existing user accounts.

  • Open the Computer Management window, navigate mouse cursor over the Windows icon of the Windows Start Menu and click right mouse button to invoke context menu and select Computer Management item. The Computer Management window will open. Navigate to item Users available under Local Users and Groups item.

    • Computer Management

  • Create a new computer user:
  • Click on Action command (or invoke context menu using right mouse button) and select New User.... Fill in all empty fields in the New User dialog set password and its setting based on policy of the organization where Clarity is installed and click Create button.

    • Create New User

  • Repeat this procedure for each additional user you want to add.
  • Create a group for all user accounts that will use Clarity

    • Note:

    It is not necessary to create a group for the users. It is recommended to do so if there are multiple users that are going to work with Clarity, but it is always possible to set necessary access rights directly for user accounts.

  • Creating group is similar to user creation. Navigate to Groups available under Local Users and Groups section.
  • Use Action - New Group name it and add description. Then click Add to manage members.

    • Users Group

  • Click Advanced in Select Users dialog. Select User (Advanced) dialog is opened.
  • Click Find Now and select all users you want to add from Search results: list at the bottom of the dialog.
  • You can check which users are members of the group in the group properties.
  • Then it is necessary, to perform first login for all newly created users. This step is compulsory and must be performed in this stage and not later. Performing the logging later may compromise all settings performed later and threaten the "electronic" security of all records created by Clarity.

Note:

During the first login, the newly created users are automatically added to the Authenticated User group which is done by the operating system by default. In order for Clarity to function under GLP, the Authenticated User must not have access to Clarity subfolders and thus this group must be deleted (which is explained in the steps below).

  • Then local Administrator with administrator privileges has to login on the operating system and continue with following steps.
  • Find the directory where Clarity is installed using. If DataFiles subfolder is meant to be located outside of its default place, check that the it is properly setup by using System Directories in Clarity.
  • Change the privileges for the user accounts you added earlier for the subfolders Cfg, DataFiles (wherever DataFiles subfolder is located) and Bin:
  • Right-click on the subfolder Cfg and select the Properties command from the context menu.
  • Switch to the Security tab.
  • Select Advanced and window Advanced Security Settings for Cfg opens.

    • Cfg Folder Security Properties

    Advanced Security Settings - Initial state

  • Click Change permissions button which will invoke new window for settings of permissions. Click Disable inheritance button and new Block inheritance window will be invoked. Click Remove all inherited permissions from this object option which will result in cleared out Permission entry in Advanced Security Settings for Cfg window.

    • Block inheritance

    Advanced Security Settings - No Entry

  • Click the Add button which will invoke new window for settings of the permissions. Click Select a principal to open Select User or Group dialog.

    • Permission Entry

  • Click Advanced... to open advanced dialog view.

    • Select User - Initial

  • Click Find Now and select the group you created for Clarity users. If you didn't create any select individual accounts.
  • Click OK in the Select User of Group (Advanced) and Select User of Group dialogs.

    • Select User - Advanced

    Select User - Final

  • Select necessary permissions for user accounts of the users who should run Clarity according to the image below.

    • User Permission Entry

  • Repeat this procedure for Administrator user account and SYSTEM. Both should have all privileges.

    • Administrator Permission Entry

  • Final security settings for Cfg is displayed in image below.

    • Advanced Security Settings for the Cfg Folder

  • If needed the settings can be reviewed for respective users/group from the Security tab in Cfg Properties window.
  • Repeat this complete procedure for DataFiles folder for user group (all user accounts of users who should run Clarity) and local Administrator user account in completely same manner (SYSTEM permissions are not required here.)

    • Advanced Security Settings for DataFiles Folder

  • Repeat this complete procedure for Bin folder for user group (all user accounts of users who should run Clarity), local Administrator user account, and SYSTEM in the similar manner. Be careful as permissions setting for users is different (SYSTEM and local administrator both require full control).

    • User Permission Entry for Bin Folder

    Advanced Security Settings for Bin Folder

  • All user accounts of users who should run Clarity can create shortcut of Clarity on the their respective Desktop.