eCopy Connector for Scan to Desktop

The Scan to Desktop connector enables ShareScan users at an eCopy-enabled device to scan documents and send them to recipients’ scan inboxes or to network home directory folders, where the scanned documents can be retrieved by using eCopy PaperWorks, which was called eCopy Desktop in previous versions of ShareScan. For information about using eCopy PaperWorks, refer to the eCopy PaperWorks documentation or Help.

Depending on the configuration of the connector, the recipient may be the user scanning the document or any other eCopy PaperWorks user whose scan inbox is set up to receive scanned documents via the connector. The connector can also be configured to send scanned documents to storage destinations, specifically Windows, or Novell folders.

When a ShareScan user at an eCopy-enabled device chooses a recipient, the scanned document is delivered to the recipient’s scan inbox or to the specified folder in the recipient’s network home directory.
You can configure the connector to secure the scan inboxes of recipients. Users must enter the network password associated with a recipient’s scan inbox before the connector can send scanned documents to the scan inbox. The Authenticate users option is automatically selected when the inbox type is set to “Home Directories”. Any user can send a scanned document to any user’s scan inbox. However, only the owner can read from the scan inbox.
The list of available recipients that appears on the Specify Recipient screen (in the ShareScan Client) includes all users in the Windows Active Directory or Novell eDirectory, unless you restrict usage by choosing a base DN that limits the scope of the search.

For the generic connector configuration options, see Configure connector profile.

About scan inboxes and home directories

eCopy PaperWorks can use either scan inboxes or network home directories to store scanned documents received from the Scan to Desktop Connector:

Scan inboxes: The connector creates scan inboxes when users first use the connector at a device. The connector creates scan inboxes in folders located beneath the Inbox root directory.

When the connector creates scan inboxes, it assigns the permissions needed to ensure the appropriate level of scan inbox privacy. The connector uses the ShareScan Administrator group you designate in the Scan to Desktop Properties window to implement the required security.
Home Directories: The network administrator must create these directories. If you configure the connector to use a network home directory to store scanned documents, the connector automatically uses the Scan to Self and Authenticate Users options. Network security ensures that only the Local Administrator, the ShareScan Administrator, and the local user can read from or write to the root of the network home directory or to the specified subdirectory. Scan to Desktop must connect to the specified folder as the owner of the home directory.

Network home directories configured through a logon script are not supported.

You configure a Scan to Desktop connector profile to scan to a single inbox type: scan inboxes or network home directories. You cannot configure the connector profile to scan to both types of inboxes. However, if you modify the inbox type in the connector profile, so that some users have scan inboxes while others have network home directories, both types of inboxes can coexist on the same system.

Security settings for scan inboxes

System	Role	Permissions
Windows Active Directory	Administrators	Full control
	Domain Administrators	Full control Not used in workgroups
	<groupname> (your designated ShareScan Administrator group)	Full control
	<owner>	Full control of the owner's individual inbox folder
Novell	Admin	Full control
	<groupname> (your designated ShareScan Administrator group)	Full control
	<owner>	Full control

System	User	Domain	Inbox Location
Windows Active Directory	User1	Using the Multiple domain mode option (only if required)	\\Server\Inbox Root\xyz.com\<domain_name>\User1
Novell (NDS)	Cn=testuser, ou=engineering, 0=ecopy	When using the Use eDirectory hierarchy (only if required)	\\Server\Inbox Root\eCopy\engineering\testuser

System

User

Domain

Inbox Location

Windows Active Directory

User1

Using the Multiple domain mode option (only if required)

\\Server\Inbox Root\xyz.com\<domain_name>\User1

Novell (NDS)

Cn=testuser,

ou=engineering,

0=ecopy

When using the Use eDirectory hierarchy (only if required)

\\Server\Inbox Root\eCopy\engineering\testuser

About the Inbox root directory

The Inbox root directory, which was called “Inbox Management Directory” in previous versions of ShareScan, contains scan inboxes and a file named userdirs.txt. When users at a device use the connector for the first time, their names and the paths to their scan inboxes or network home directories are added to the userdirs.txt file.

The Inbox Agent uses the userdirs.txt file to provide eCopy PaperWorks with the path information that eCopy PaperWorks needs to connect to scan inboxes or network home directories.

Before you can use the Scan to Desktop Connector, you must configure the Inbox root directory.

The connector automatically assigns specific file and folder permissions to ensure inbox security depending on your network environment.

Inbox root directory permissions (Windows)

Windows (NTFS)
<inbox root directory>	Administrators	Full control: applied automatically
	<groupname> (your designated ShareScan Administrator group)	Full control: applied automatically
	Everyone	Read (List folder): applied automatically
userdirs.txt	Administrators	Full control: applied automatically
	<groupname> (your designated ShareScan Administrator group)	Full control: applied automatically
	Everyone	Read: applied automatically

Inbox root directory permissions (Novell Netware [NDS])

Novell Netware (NDS)
<inbox root directory>	Administrators	Full control: applied automatically
	Domain Admins (not used in workgroups)	Full control: applied automatically
	<groupname> (your designated ShareScan Administrator group)	Full control: applied automatically
	Everyone	List folder: applied manually
userdirs.txt	Administrators	Full control: applied automatically
	Domain Admins (not used in workgroups)	Full control: applied automatically
	<groupname> (your designated ShareScan Administrator group)	Full control: applied automatically
	Everyone	None: applied manually

Supporting multiple Inbox root directories

For information on the support of multiple Inbox root directories, refer to the Ask eCopy knowledge base, or contact eCopy Customer Support.

About the Inbox Agent

The eCopy Inbox Agent is a Windows Service that is installed with the ShareScan Manager. It uses the userdirs.txt file to provide eCopy PaperWorks with the path information that eCopy PaperWorks needs to connect to scan inboxes or network home directories. eCopy PaperWorks uses the UDP (User Datagram Protocol) to communicate with the Inbox Agent.

The default UDP server port is 9999 and the client port is 8888. The default multicast server and client IP address is 239.254.5.6. If you need to change these settings, contact Customer Support for assistance.

If you are logged on to your computer as <auser>, eCopy PaperWorks sends a UDP message to the Inbox Agent requesting the path to your scan inbox. The Inbox Agent looks up <auser> in the userdirs.txt file and returns the path to eCopy PaperWorks , which uses it to open <auser>'s scan inbox.

If you do not enable the Inbox Agent, each eCopy PaperWorks user must manually configure the path to the scan inbox. For more information about configuring eCopy PaperWorks, see the eCopy PaperWorks documentation or Help.

Pre-configuring the connector

If you are migrating from an earlier version of eCopyShareScan and have already configured an Inbox root directory, you can use the existing location and settings. You can also import profiles from earlier versions of the connector using the Import / Export tool in the Administration Console. For more information, see the Administration Console Help.
If you have a Novell network with multiple trees, you must set the Preferred tree field in the Novell client configuration so that the Inbox Agent and this connector will function properly.

Before you can configure Scan to Desktop, a network administrator must complete the following steps:

To pre-configure Scan to Desktop:

Create the Inbox root directory.

If the directory is on a Microsoft or Novell network, you must share it.
Create a service account that will deliver scanned documents to scan inboxes or to network home directories.
Add the service account to a new or existing group in one of the following locations:
- On the domain controller, for Windows domain-based networks.
- On NDS, for Novell networks.
- On the local machine, for workgroups.
ShareScan uses this group when assigning permissions to the Inbox root directory and scan inboxes.
Give the group Full Control access rights to the Inbox root directory.
For workgroup implementations only, on the computer where the scan inboxes are located, create a local account for each user of Scan to Desktop.

If multiple Managers are pointing to the same userdirs.txt file in the Inbox root directory, the group to which the service account belongs must be identical on all those Managers.

Scan Inbox settings

The environment settings depend on the environment type that you select in the Scan to Desktop Properties window. The General Settings are the same for all environments.

Field Name	Description
Environment type	Select the environment type from the list: Windows Active Directory Novell eDirectory Local Computer (Workgroup)
Service account settings	The given credentials must be validated via the Test button, otherwise you cannot proceed. To access the advanced customization options, click the Advanced button.
ShareScan Administrator	Select a group you are part of. That group is used when creating files and applying permissions to them. The permissions allow members of the selected group to read the created files.
Inbox	Setup the destination path. For more customized settings, click the Advanced button.
If file name already exists	The following options are available: Overwrite always: overwrites the existing file with the new one. Create unique file name (.1, .2): creates a new file with a number postponed to its end. Return error: returns an error indicating the problem. The user will have to go back and do anything which is necessary to create a new filename.

Inbox settings

Field Name	Description
Inbox type	Select from the following options: ShareScan Inbox: a $domain\$user structure is created under the specified Root path. Files are moved to the appropriate user’s directory. When selected, the user can choose to send it to multiple recipients by selecting Recipient: Multiple. Home directory: a single recipient is allowed, and a subdirectory is needed. The connector puts the files under that directory. Root path is ignored in this case. If the subdirectory does not exist, it is created.
Alternate path for folder root - do not set it to the user's HOME folder	Only if Inbox Type is configured as Home Directory. Determines where the files are created, if Home folder is not defined for a user or users. In this case, the system creates a folder for the user automatically to be used as a scan inbox. A file named as userdirs.txt is created to store the connector's accounting information. Here you have to browse for the folder you created as a completely separate share on the network for users that do not have a Home folder configured. This is NOT the same as the root to the Home folder structure that exists on the network (where AD points to for each user's Home folder). When you click OK on the warning dialog box, you confirm that ShareScan can modify the permissions on the share. If set - incorrectly - to the Home folder, every user will be locked out of their Home directories.
Scan Inbox Folder	Only if Inbox Type is configured as ShareScan Inbox. Determines where the files are created. A file named as userdirs.txt is created to store the connector's accounting information. The system creates a folder for the user automatically to be used as a scan inbox.
Recipient	Self: Files are sent only to the sender Multiple: Files are sent to multiple recipients Authenticate user: Select this check box to authenticate each user
Single domain mode	Available only if Windows Active Directory environment type is selected.
Multiple domain mode	Available only if Windows Active Directory environment type is selected.
Use custom path for the file in notification message	Select this check box to use a custom path for the file.
Create zip archive from multipart output	Select this check box to create a zip archive from multipart outputs.
Generate password for the archive	Only available if Use custom path for the file in notification message check box is selected.
Subfolder	Name of the subfolder for the Home directory.
Use service account when user credentials are incompletely set by service	Only applicable if the Environment type is set to Windows Active Directory, and the Inbox type is Home directory. If checked, and a service providing any type of user credential is used (ID Service, Cost Recovery, Session Logon) but that service does not provide an user password, the connector uses the service account specified here to store the document of the Home directory \ Subfolder of the specified user. If cleared, the document is stored under the Root path.

Destination settings

Scan to Desktop enables you to scan to the following destination types:

Windows Folder
Novell Folder

For each type of folder, you must supply the folder location and authentication settings.

Section	Field	Description
If a scanned image file already exists		Specifies the action for the connector to take if the recipient’s scan inbox already contains a scanned document with the same file name: Overwrite always: Replaces an existing scanned document with the one the connector is currently saving. Return error: Displays an error message prompting the user at the device to change the file name. Create unique file name: Adds a unique number to the file name, for example filename.1, filename.2. The scanned document is saved to the location using a unique file name and the existing document is not overwritten.
Folder location	Path to the folder	Destination information for the scanned documents. Click the Browse button and then select a folder.
	Enable subfolder navigation	Enables users to select a subfolder at the device.
	Maximum folder levels	The number of folder levels down that users may navigate.
Authentication	Authenticate user	The options are: None: Sends scanned documents to the destination without requiring user authentication. The Services Manager requires write access to the destination. Logon as: Sends scanned documents to the destination using the specified authentication information; the user does not need to enter authentication information at the device. Specify the domain/tree, user ID, and password to use for authentication. The specified account requires write access to the destination. Runtime: Sends scanned documents to the destination after the user enters authentication information at the device and logs on to the destination. Specify a user ID, password and a domain or tree so that the connector can retrieve the user list at runtime and enable users to search the user list. Test the credentials to verify that the connector can retrieve the user list using the specified credentials.
	Advanced	Enables you to configure the Advanced account settings.

Advanced account settings

Advanced account settings are used in the configuration of scan inboxes and destinations.

Windows Active Directory advanced settings

Field Name	Description
Global Catalog server	You can set the following options for the Global Catalog server: Locate server at runtime: the connector checks for the Global Catalog during runtime. If it fails, the user cannot validate the service account. Always use the following server: the validation uses the given server LDAP port: LDAP port number of the Global Catalog server. The default is 3268. Server requires SSL: check if the server requires communication via SSL.
Search	Allows you to specify the attributes of the searches. The available settings are: Base DN: Determines the LDAP search starts when typing in the LDAP authentication form or the Send form. Empty base DN prompts an error. Scope: Can be set to All levels below starting point or One level below starting point. Search on: Allows defining the attributes to be searched on. Search while typing
Domain controller settings	You can set the following options: LDAP port Server requires SSL

Field Name

Description

Global Catalog server

You can set the following options for the Global Catalog server:

Locate server at runtime: the connector checks for the Global Catalog during runtime. If it fails, the user cannot validate the service account.
Always use the following server: the validation uses the given server
LDAP port: LDAP port number of the Global Catalog server. The default is 3268.
Server requires SSL: check if the server requires communication via SSL.

Allows you to specify the attributes of the searches.

The available settings are:

Base DN: Determines the LDAP search starts when typing in the LDAP authentication form or the Send form. Empty base DN prompts an error.
Scope: Can be set to All levels below starting point or One level below starting point.
Search on: Allows defining the attributes to be searched on.
Search while typing

Domain controller settings

You can set the following options:

LDAP port
Server requires SSL

Novell eDirectory settings

Field Name	Description
eDirectory server	You can set the following options for the eDirectory server: Locate server at runtime: The connector checks for the eDirectory server during client runtime. If it fails, the user cannot validate the service account. Always use the following server: The validation uses the given server. LDAP port: LDAP port number of the Global Catalog server. The default is 389. Server requires SSL: Check if the server requires communication via SSL. Server allows Anonymous Bind
Search	Allows you to specify the attributes of the searches. The available settings are: Base DN: Determines the LDAP search starts when typing in the LDAP authentication form or the Send form. Empty base DN prompts an error. Scope: Can be set to All levels below starting point or One level below starting point. Search on: Allows defining the attributes to be searched on. Search while typing

Field Name

Description

eDirectory server

You can set the following options for the eDirectory server:

Locate server at runtime: The connector checks for the eDirectory server during client runtime. If it fails, the user cannot validate the service account.
Always use the following server: The validation uses the given server.
LDAP port: LDAP port number of the Global Catalog server. The default is 389.
Server requires SSL: Check if the server requires communication via SSL.
Server allows Anonymous Bind

Allows you to specify the attributes of the searches.

The available settings are:

Base DN: Determines the LDAP search starts when typing in the LDAP authentication form or the Send form. Empty base DN prompts an error.
Scope: Can be set to All levels below starting point or One level below starting point.
Search on: Allows defining the attributes to be searched on.
Search while typing

Local Computer (Workgroup) settings

Field Name	Description
Search	Allows you to specify the attributes of the searches. The available settings are: Search on: Allows defining the attributes to be searched on. Search while typing

Field Name

Description

Allows you to specify the attributes of the searches.

The available settings are:

Search on: Allows defining the attributes to be searched on.
Search while typing