ActivityHD Release 8.29
System-wide
-
ActivityHD server
Fundamental changes have been introduced which affect how ActivityHD clients communicate with ActivityHD servers when those servers are configured to allow anonymous connections. While these changes do not affect most standard uses of ActivityHD, it is significant for uses of ActivWebAPI and for a few rare situations in which ActivityHD Explorer or other ActivityHD clients must connect anonymously.
Typically, ActivityHD servers refuse connections from anonymous clients. However, starting with ActivityHD 7.26 anonymous connections can be configured using a manual registry change. In the past, a side-effect of configuring ActivityHD servers to allow anonymous connections is that in some cases RPC communications became unencrypted, potentially allowing a user with access to a machine along the network communication path to view the communications and glean information they should not have seen. This is no longer the case.
Prior to the current release, ActivityHD attempted to use encrypted, negotiated authentication of both the client and servers (NTLM or Kerberos). If negotiation failed and returned an access denied error, authentication fell back to trying unencrypted anonymous connections. Normally, ActivityHD servers refuse to connect in the fallback scenario.
Now the fallback to unencrypted communications is no longer attempted. Instead, encrypted SChannel authentication is used. Because SChannel support must be configured on the ActivityHD servers (see below), SChannel is only used when both the client and server agree to use it and the correct trusted certificates are supplied. One certificate is used to establish to the servers that the client is legitimate and another is used by the client to ensure it is connecting to the expected server. The certificates are validated and used to negotiate an encryption protocol between the client and servers so that all significant RPC communications are always encrypted.
For most uses of ActivityHD in which both the client and servers are members of the same domain, the change in behavior is not significant; however, sometimes it is necessary for clients who are not members of the domain to communicate with ActivityHD servers that are inside the domain. In that case, the servers must be configured for SChannel and the clients must supply a trusted certificate to confirm that the connection should be allowed.
When SChannel may be needed
The most common reason for needing SChannel communication between an ActivityHD client and ActivityHD servers is when using ActivWebAPI; specifically, when ActivWebAPI is hosted on a machine that is not a domain member but ActivityHD servers are hosted on a machine in the domain. In this case, users cannot log on to the non-domain machine using domain credentials. In other words, they cannot authenticate to the servers using NTLM or Kerberos authentication mechanisms (Windows user login). Instead, users must use username and password logins to ActivityHD. These connections are typically refused unless the system is configured to allow them. In addition, the client must demonstrate that it is in the allowed group by trusting the server-supplied certificate and by presenting its own certificate which is trusted by the servers.
In addition to the ActivWebAPI scenario, there are rare situations requiring SChannel configuration in which Activity Explorer is used on a machine which is not a domain member and a connection is needed to ActivityHD servers which are running inside the domain.
Configure ActivityHD servers to allow SChannel authentication
To configure ActivityHD servers to allow anonymous SChannel connections, you must use the command line of ActivitySystemServer.exe. In the future, AccountingWare plans to add the ability to configure SChannel from Activity Manager.
To view the new configuration option in ActivitySystemServer.exe, run it with the -? command line option:
ActivitySystemServer.exe -?
This command displays a help message that describes the configuration option. The following syntax description from the message is relevant:
ActivitySystemServer.exe -configure server database login password [certificate]
-configure: set or modify the server to use for the system database
server: the SQL Server name
database: the database name
login: the login name
password: the password for the login
certificate: optional SChannel certificate thumbprint (Personal, Local Machine store)
The last part of the -configure switch is an optional SChannel certificate thumbprint. A certificate thumbprint consists of a 40-byte, hexadecimal string. The certificate you specify should be a certificate thumbprint stored in the Personal, Local Machine certificate store. The CN attribute (subject) of the certificate should be the complete machine name, including the domain, where the ActivityHD servers are running. This information can be found as the "Full device name" under the properties of your PC. Alternatively, the certificate can specify this information in the "Subject Alternative Name" property under the DNS Name attribute.
Install the certificate into the Personal, Local Machine certificate store on the server machine. The certificate should include a private key. Moreover, the certificate must be trusted by the clients. To be trusted, install the public key portion of the certificate or the issuer (never export private keys!) into the trusted root certificates store on the client machine.
Once configured on the server, SChannel authentication is available and will present the certificate to clients that request SChannel authentication.
Configure ActivityHD clients to use SChannel authentication
To configure ActivWebAPI to use SChannel authentication when it connects to ActivityHD servers, edit the appsettings.json file to add a "Certificate Thumbprint" property that contains the 40-byte, hexadecimal thumbprint of a certificate from the Personal, Current User store. Use the user store of the user under which ActivWebAPI will be run (see IIS settings).
The E attribute (subject) of the certificate must identify the domain user. This is usually accomplished by means of an email address. Alternatively, it can be done in the "Subject Alternative Name" property (Other Name: Principal Name or RFC822 Name attribute).
Install the certificate into the user's Personal, Current User certificate store. Include a private key. Also, the certificate must be trusted by the server. To be trusted, install the public key portion of the certificate or the issuer (never export private keys!) into the trusted root store on the server machine.
After the certificate is installed into the Personal, Current User certificate store and is trusted by the server, ActivWebAPI can use it as can Activity Explorer with a new switch.
In the unusual circumstance (typically for troubleshooting) that you need to use SChannel authentication from Activity Explorer, a new command line switch is available to provide the certificate thumbprint. To see information about the new switch, run Activity.exe with the -? command line option. The relevant portion of the help message that displays is:
-certificate THUMBPRINT
SChannel certificate thumbprint (Personal of current user)
In other words, to use SChannel authentication from Activity Explorer, run Activity.exe from the command line and supply the -certificate switch followed by the 40-character hexadecimal string that specifies the certificate thumbprint. (If you need to do this often, you can create a shortcut.)
Self-signed certificates
Self-signed certificates can be used as long as they are properly trusted.
An easy way to create a self-signed certificate is to use the "Request New Certificate" option of the certificate manager. You can do this both on the server machine and the client machine. The resulting certificates should be acceptable for SChannel encryption as long as they are exported (do not export private keys!) and then reimported on the other machine into the trusted root certificate store.
-
ActivMonitor
Previously, the ActivMonitor service could get errors which required restarting.
The RPC server is already listening.
The issue has been addressed.
-
Bots
Activity System > Administration > Bots
[Company] > Administration > Bots
The recommended version of VBSEdit has been updated to v22.10.14.5. The installer is available in the distribution folder Extras\VBSEdit.
VBSEdit is an optional and separately installed editor and debugger which can be used for bot creation and maintenance in ActivityHD.
Important!
The VBSEdit installer must be run as an administrator passing the cmd line switch
/allusers***. -
Bots
Activity System > Administration > Bots
[Company] > Administration > Bots
A new TempFile automation object has been introduced to make certain automation tasks easier. The TempFile object provides a FilePath that automatically gets deleted.
Use Activity.NewTempFile to create a new TempFile object.
TempFile properties/methods:
Property FilePath As String. Returns the path of the temporary file.Sub Delete. Immediately deletes the file at the path.Sub Release. Avoids immediate deletion of the file. Use this method to hand off the file to another application.
-
Bots
Activity System > Administration > Bots
[Company] > Administration > Bots
Previously, the file created by the Report.ExportToTempFile automation method could have a file extension that did not coincide with the requested report output. The method now produces a file with the appropriate file extension.
Accounts Payable
-
Generate 1099s
Accounts Payable > Vendors > [right-click] > Select and Generate 1099s
The Generate 1099s process is now ready to handle reporting for the 2022 tax reporting year. Updates have been introduced to 1099 reporting for forms 1099-DIV, 1099-INT, 1099-MISC, 1099-NEC, and 1099-R.
These updates include:
- Amount descriptions changed to use new box numbers.
- Copy B form images updated for 2022.
- Updated report designs for Copy A and Copy B.
- Minor changes to the electronic file structure.
Most notably, the following changes have occurred in ActivityHD:
- Generate 1099s. The wizard includes a new FATCA Filing Requirement checkbox to indicate whether your organization is subject to FATCA provisions. Mark the checkbox if FATCA compliance is required.
- Form 1099-DIV. The FATCA Filing Requirement checkbox is now assigned box number 11. As a consequence, box numbers 11 through 15 have been renumbered 12 through 16, respectively.
- Form 1099-MISC. The FATCA Filing Requirement checkbox is now assigned box number 11. As a consequence, box numbers 11 through 15 have been renumbered 12 through 16, respectively.
- Because an account is required for FATCA reporting, the vendor code now prints in the "Account number" box if the FATCA Filing Requirement checkbox is marked.
Finally, several IRS forms have been changed to continuous forms in 2022, meaning a specific year is no longer printed on the face of the form. Instead, ActivityHD fills in the year for you. Among those forms changed to continuous are 1099-DIV, 1099-INT, 1099-MISC, and 1099-NEC.
-
Invoices/Recurring Invoices
Accounts Payable > Invoices
Accounts Payable > Invoices > Recurring
A new Owner field has been introduced on AP invoices and on recurring invoices and is visible if the Purchasing package is installed. An owner is an operator defined in the Purchasing package. The Owner field is provided to help in operational processes and will be especially helpful if the soon-to-be introduced invoice approval feature is enabled.
The owner specified on a recurring invoice is automatically copied to the invoice which results when the recurring invoice is processed. If an owner is not specified on the recurring invoice, the owner on the resulting invoice defaults to the operator who ran the process. In order to take advantage of the automatic default feature, operators must be data linked to authorized user records.
-
Recurring Invoices
Accounts Payable > Invoices > Recurring
A problem was introduced in ActivityHD 8.12-0 which caused the Create Intercompany Detail (Ctrl+I) function on AP recurring invoices to stop working properly. When the function was invoked, existing intercompany detail lines were deleted, but the intercompany due-to and due-from distribution lines were not created.
Now the function properly deletes detail lines and creates the due-to and due-from distribution lines.
Accounts Receivable
-
Print AR Invoices
Accounts Receivable > Invoices > [select invoices in the HD view] >
Previously, if you printed invoices from the HD view, when you reached the "Print Invoices" step of the Print AR Invoices wizard, the Answers field and its Save icon were cut off.
This anomaly has been fixed.
Fixed Assets
-
Calculation controls
Fixed Assets > Setup > Calculation Controls
Calculation controls for the "Percent of Net Value" depreciation method are now built in. This method is used by Canada's capital cost allowance (CCA) classes.
The new calculation controls are:
PNV0 0% of Net Value (CCA) PNV4 4% of Net Value (CCA) PNV5 5% of Net Value (CCA) PNV10 10% of Net Value (CCA) PNV20 20% of Net Value (CCA) PNV30 30% of Net Value (CCA) PNV40 40% of Net Value (CCA) PNV45 45% of Net Value (CCA) PNV50 50% of Net Value (CCA) PNV55 55% of Net Value (CCA) PNV100 100% of Net Value (CCA) The new built-in controls use the half-year convention.
Existing calculation controls with the same code are converted to the built-ins.
Payroll/Human Resources
-
Checks Proof Report
Payroll/Human Resources > Checks > [right-click] > Select and Report > Checks Proof Report
Previously, the Checks Listing included an alternate built-in design called "Checks Proof Color". This design presented check lines subtotaled by type (Pay, Deduction, Tax, Statistic). The result amounts were shown in color to match the colors in the Check window (i.e., green for pay, red for deduction, blue for employer tax/deduction). Unfortunately, the report was difficult to find since you had to know to run the Checks Listing and select the Checks Proof Color design. Alternatively, you could set up a saved answer that used the alternate design or set up a dashboard gadget that opened the report. Moreover, the alternate design was more of an analysis report than a traditional listing, so its placement was not intuitive.
Now a separate Checks Proof Report has been added to the menu. Currently, the dialog exactly mimics the Checks Listing dialog and the default design is the same ever-popular "Checks Proof Color" design.
For continuity, the old Checks Listing color design remains in place (along with the non-colorized version), but it is no longer built in. That means that after you change any saved answers and dashboard gadgets to use the new report, you can delete it.
Finally, do not confuse the new report with the report you see during the Proof/Merge process which shows check errors and warnings. These are distinct reports with different purposes. The Checks Proof Report helps you check the accuracy of your checks while the Proof/Merge report checks the fitness of your checks for merging.
-
Export Controls
Payroll/Human Resources > Setup > Export Controls
The export control for reporting USA 2022 W-2 forms electronically in EFW2 format is now available. No field changes were required for the 2022 EFW2 file according to Social Security Administration (SSA) Publication 42-007, EFW2 Tax Year 2022 "Specifications for Filing Forms W-2 Electronically (EFW2)".
For tax year 2022, electronic filers must file wage reports by January 31, 2023.
Since 2016, the Social Security Administration will return electronic and paper wage reports which contain a W-2 with any of the following:
- Medicare Wages and Tips less than the sum of Social Security Wages and Social Security Tips.
- Social Security Tax greater than zero, but Social Security Wages and Social Security Tips equal to zero.
- Medicare Tax greater than zero, but Medicare Wages and Tips equal to zero.
The Generate W-2s wizard validates for these conditions.
The Social Security Administration recommends you use AccuWage to check EFW2 files for format correctness before submitting the files to SSA. For more information, visit the AccuWage Online information page.
-
Export Controls
Payroll/Human Resources > Setup > Export Controls
In the past, if you attempted to import the export control for EFW2, the following error could be returned:
Group (QSEHRA) not found
The group was initially added in ActivityHD version 7.2-0 released on 12/15/2017; however, it was inadvertently dropped from the installation procedure in version 7.14-0 (released 12/5/2018). As a result, any Payroll databases installed after that date would return the error.
Now the error no longer occurs. The group is now added during new installations of Payroll and conversions add the group to existing Payroll databases if it is missing. If the group has been added manually, it is converted to the built-in.
-
Garnishments
Payroll/Human Resources > Employees > Records > Garnishments
Ten states have announced new minimum wage rates taking effect 10/31/2022 and beyond. Most changes occur 1/1/2023. ActivityHD has incorporated these new rates to calculate limits on civil garnishments for the affected states.
Arizona
Minimum hourly wage Effective date $13.85 01/01/2023 California
Minimum hourly wage Effective date $15.50 01/01/2023 Hawaii
Minimum hourly wage Effective date $12.00 10/01/2022 $14.00 01/01/2024 $16.00 01/01/2026 $18.00 01/01/2028 Maryland
Minimum hourly wage Effective date $13.25 01/01/2023 $14.00 01/01/2024 Minnesota
Minimum hourly wage Effective date $10.59 01/01/2023 Montana
Minimum hourly wage Effective date $9.95 01/01/2023 New York
Minimum hourly wage Effective date $14.20 12/31/2022 Ohio
Minimum hourly wage Effective date $10.10 01/01/2023 South Dakota
Minimum hourly wage Effective date $10.80 01/01/2023 Washington
Minimum hourly wage Effective date $15.74 01/01/2023 -
Generate W-2s
Payroll/Human Resources > Employees > [right-click] > Select and Generate W-2s
The "W-2 Forms - L4UP Blank Paper (built-in)" design for printing employee W-2s has been updated for tax year 2022. No changes were required for the built-in Copy A 5201 design.
The deadline for filing 2022 W-2 and W-3 forms with the Social Security Administration, whether printed or electronic, is January 31, 2023.
When ordering W-2 forms, consider whether additional forms are needed for "overflow" due to the additional amounts which may be required for some employees.
- The built-in L4UP design accommodates up to four Box 12 amounts, five Box 14 amounts, two states, and two localities per form.
- The built-in Copy A design accommodates up to four Box 12 amounts, four Box 14 amounts, two states, and two localities per form.
For the past few years, Box 14 amounts on the L4UP design have printed in 6-point font. Now the small font is only used if there are five Box 14 amounts to print. Otherwise, Box 14 amounts are printed in 8-point font to match the rest of the form.
Unlike the last couple of years, qualified sick leave and family leave wages, part of COVID-19 tax relief, are no longer printed on the 2022 W-2 form. The only mention of COVID-19 tax relief in the 2022 instructions is a warning about trying to reconcile Forms W-2 and W-3 to the employer's Form 941 and the taxpayer's Form 1040, Schedule H.